On Fri, Jan 12, 2018 at 5:46 AM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 11/01/2018 05:38, Ryan Sleevi wrote:
> > On Thu, Jan 11, 2018 at 2:46 AM Jakob Bohm via dev-security-policy <
> > dev-security-policy@lists.mozilla.org> wrote:
> >
> >> On
On 11/01/2018 05:38, Ryan Sleevi wrote:
On Thu, Jan 11, 2018 at 2:46 AM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 11/01/2018 01:08, Ryan Sleevi wrote:
On Wed, Jan 10, 2018 at 6:35 PM, Jakob Bohm via dev-security-policy <
Thank you very much to everyone who replied to my original post. I think
the fact that so many people are making the same mistakes indicates that
the correct solutions are not obvious to many developers.
I have added a "How could this be done better?" section to my README:
On Thu, Jan 11, 2018 at 3:28 PM, josh--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> https://community.letsencrypt.org/t/2018-01-11-update-regard
> ing-acme-tls-sni-and-shared-hosting-infrastructure/50188
>
> Speaking for myself, this is an excellent game plan that
On Thursday, January 11, 2018 at 3:36:50 PM UTC-6, Ryan Sleevi wrote:
> On Wed, Jan 10, 2018 at 4:33 AM, josh--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > At approximately 5 p.m. Pacific time on January 9, 2018, we received a
> > report from Frans Rosén of
On Thu, Jan 11, 2018 at 4:50 PM, Doug Beattie via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> Based on reported issues with TLS-SNI-01, we started investigation of our
> systems late yesterday regarding the use of "Test Certificate" validation,
> BR section 3.2.2.4.9.
Based on reported issues with TLS-SNI-01, we started investigation of our
systems late yesterday regarding the use of "Test Certificate" validation, BR
section 3.2.2.4.9.
We found that this method may be vulnerable to the some of the same underlying
issue as the ACME TLS-SNI-01 so we
On Wed, Jan 10, 2018 at 4:33 AM, josh--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> At approximately 5 p.m. Pacific time on January 9, 2018, we received a
> report from Frans Rosén of Detectify outlining a method of exploiting some
> shared hosting infrastructures
On 10/01/18 17:39, Matthew Hardeman wrote:
> Here again, I think we have a problem. It's regarded as normal and
> acceptable at many web host infrastructures to pre-stage sites for
> domain-labels not yet in use to allow for development and test deployment.
I agree that "no unknown domain names"
9 matches
Mail list logo