Re: DRAFT November 2017 CA Communication

2017-10-27 Thread Gervase Markham via dev-security-policy
On 27/10/17 00:23, Kathleen Wilson wrote: > Looking forward to further discussion about which errata should be allowed. Those are the correct two errata. Gerv ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozil

Re: Mozilla’s Plan for Symantec Roots

2017-10-27 Thread Gervase Markham via dev-security-policy
On 18/10/17 13:49, Gervase Markham wrote: > Apple have confirmed that their list is complete and correct. As have Google. Gerv

Re: Incident Report : GoDaddy certificates with ROCA Fingerprint

2017-10-27 Thread Alex Gaynor via dev-security-policy
Thank you for writing this up. Do any of the other CAs with trusted server certificates intend to publish similar reports? (Based on CT logs that'd be Comodo, Symantec, and GlobalSign). Alex On Tue, Oct 24, 2017 at 12:28 PM, Daymion Reynolds via dev-security-policy < dev-security-policy@lists.mo

Re: Incident Report : GoDaddy certificates with ROCA Fingerprint

2017-10-27 Thread Matthew Hardeman via dev-security-policy
I cannot help but notice that the host names of the certificates involved rather strongly suggest that a series of devices or embedded servers is creating these CSRs / utilizing these certificates. As you mentioned, some users subsequently requested certs for the same keys already previously uti

Re: Mozilla’s Plan for Symantec Roots

2017-10-27 Thread Peter Bowen via dev-security-policy
On Tue, Oct 17, 2017 at 2:06 AM, Gervase Markham wrote: > On 16/10/17 20:22, Peter Bowen wrote: >> Will the new managed CAs, which will operated by DigiCert under >> CP/CPS/Audit independent from the current Symantec ones, also be >> included on the list of subCAs that will continue to function? >

Re: Incident Report : GoDaddy certificates with ROCA Fingerprint

2017-10-27 Thread Ryan Sleevi via dev-security-policy
On Tue, Oct 24, 2017 at 12:28 PM, Daymion Reynolds via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Godaddy LLC first became aware of possible ROCA vulnerability exposure on > Monday October 16th 2017 at 9:30am. The following are the steps we took for > detection, revocati

RE: Mozilla’s Plan for Symantec Roots

2017-10-27 Thread Jeremy Rowley via dev-security-policy
I'm also very interested in this scenario. I'm also interested in what happens if a trusted DigiCert root is signed by a Symantec root. I assume this wouldn't impact trust since the chain building would stop at a DigiCert root, but I wanted to be sure. -Original Message- From: dev-secur

Re: Mozilla’s Plan for Symantec Roots

2017-10-27 Thread Peter Bowen via dev-security-policy
On Fri, Oct 27, 2017 at 9:21 AM, Jeremy Rowley wrote: > I'm also very interested in this scenario. > > I'm also interested in what happens if a trusted DigiCert root is signed by > a Symantec root. I assume this wouldn't impact trust since the chain > building would stop at a DigiCert root, but I

Re: Mozilla’s Plan for Symantec Roots

2017-10-27 Thread Jeremy Rowley via dev-security-policy
Yes. Or any root that is cross-signed by the Symantec sub-CAs. I assume there would be zero impact as the chain building should stop with the trusted root and not look at the Symantec roots, but it’s definitely good to double-check. On Oct 27, 2017, at 10:32 AM, Peter Bowen mailto:pzbo...@gmai

Re: Mozilla’s Plan for Symantec Roots

2017-10-27 Thread Ryan Sleevi via dev-security-policy
Without commenting on the Symantec aspect of this, there is a rather substantial correction to the behaviour of client software - including Firefox. Unfortunately, very few libraries and path validators support chain building terminating at trust anchors in the way you describe. Recent changes in