On Thu, Sep 21, 2017 at 7:17 PM, Ryan Sleevi via dev-security-policy
wrote:
> I think we can divide the discussion into two parts, similar to the
> previous mail: How to effectively transition Symantec customers with
> minimum disruption, whether acting as
Jeremy,
Thanks for attaching the diagrams - this is very useful in helping
visualize out the graph! Special thanks for detailing out the validation
flow DigiCert both practices and plans to practice - this level of
transparency goes a long way to helping assess and understand both risks
and
On Thursday, September 21, 2017 at 11:23:28 AM UTC-5, Gervase Markham wrote:
> The CA Certificates module owner and peers have come to a decision
> regarding our investigations into the activities of the CA "PROCERT".
>
> A large number of issues were raised regarding the operations and
>
On Thursday, September 21, 2017 at 10:13:56 AM UTC+1, Rob Stradling wrote:
> Our CPS has now been updated.
Will you be ensuring that CAs like Gandi who are chaining back to your roots
also update their CPS?
Regards
Rich.
On 21/09/2017 23:08, alejandrovolcan--- via dev-security-policy wrote:
> Dear Gerv, I have attached a document that gives us a greater
> response to each of the points, as well as Mr. Oscar Lovera sent you
> an email with the same information
>
>
On Monday, September 18, 2017 at 8:27:18 (UTC-5), Gervase Markham wrote:
> On 11/09/17 12:03, Gervase Markham wrote:
> > Thank you for this initial response. It is, however, far less detailed
> > than we would like to see.
>
> I have not had any further updates from PROCERT. I have tried
The CA Certificates module owner and peers have come to a decision
regarding our investigations into the activities of the CA "PROCERT".
A large number of issues were raised regarding the operations and
practices of this CA:
https://wiki.mozilla.org/CA:PROCERT_Issues
Considering them, it seems
I can confirm that as of this moment the VISA OCSP responders are still
responding GOOD for non-existent certificates. VISA was originally
contacted by me on August 29 so it has now been over 21 days since initial
report.
-Paul
On September 21, 2017 at 9:32:12 PM, Gervase Markham via
It seems like the list of topics to cover on the Responding to a
Misissuance page:
https://wiki.mozilla.org/CA/Responding_To_A_Misissuance#Incident_Report
has become a de facto template for incident reports.
We've now had quite a few CAs use this outline to respond to issues. If
people (CAs or
Additionally, 13 days ago it was reported to VISA that their OCSP
responder was misconfigured to return "good" responses for non-existent
certificates:
https://bugzilla.mozilla.org/show_bug.cgi?id=1398261
As far as I can see, this is the case for their end-entity certificates,
not just some roots
On 08/09/17 20:24, Andrew Ayer via dev-security-policy wrote:
The BRs state:
"Effective as of 8 September 2017, section 4.2 of a CA's Certificate
Policy and/or Certification Practice Statement (section 4.1 for CAs
still conforming to RFC 2527) SHALL state the CA's policy or practice
on