RE: Camerfirma's misissued certificate

2018-01-17 Thread Juan Angel Martin (AC Camerfirma) via dev-security-policy
Hello Wayne, I investigated the OCSP issue some time ago; I can tell you that it is related to https://github.com/golang/go/issues/21527, because we send all the certs chaining up to the roots. BR Juan Angel From: Wayne Thayer [mailto:wtha...@mozilla.com] Sent: Wednesday, 17 Jan

Re: Changes to CA Program - Q1 2018

2018-01-17 Thread Kathleen Wilson via dev-security-policy
On 1/9/18 4:23 PM, Kathleen Wilson wrote: I will be re-assigning all of the root inclusion/update Bugzilla Bugs back to me, Done and I will take back responsibility for the high-level verification of the CA-provided data for root inclusion/update requests. I hope to begin work on this b

Re: Updating Root Inclusion Criteria

2018-01-17 Thread Wayne Thayer via dev-security-policy
On Wed, Jan 17, 2018 at 3:32 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 17/01/2018 23:03, Jonathan Rudenberg wrote: > > You seem to be stuck inside some kind of ivory tower world where > computers are king and everything is done by robots. > > This

Re: Updating Root Inclusion Criteria

2018-01-17 Thread Wayne Thayer via dev-security-policy
On Wed, Jan 17, 2018 at 7:54 AM, Alex Gaynor wrote: > Hi Wayne, > > After some time thinking about it, I struggled to articulate what the > right rules for inclusion were. > > Yes, that is the challenge. So I decided to approach this from a different perspective: which is that I > think we shoul

Re: Audit Reminder Email Summary

2018-01-17 Thread Kathleen Wilson via dev-security-policy
On 1/4/18 3:53 AM, Kurt Roeckx wrote: On 2018-01-04 01:36, Kathleen Wilson wrote: Mozilla: Audit Reminder Root Certificates:     AC Raíz Certicámara S.A. Standard Audit: https://cert.webtrust.org/SealFile?seal=2120&file=pdf Audit Statement Date: 2016-09-15 CA Comments: null The audit period o

Re: Updating Root Inclusion Criteria

2018-01-17 Thread Wayne Thayer via dev-security-policy
On Wed, Jan 17, 2018 at 7:46 AM, Tim Hollebeek wrote: > I support "encouraging" those who are currently using the public web PKI > for > internal uses to move to their own private PKIs. The current situation is > an > artifact of the old notion that there should be a global "One CA List to > Rul

Re: Updating Root Inclusion Criteria (organizations)

2018-01-17 Thread Jakob Bohm via dev-security-policy
On 17/01/2018 22:51, Peter Bowen wrote: On Wed, Jan 17, 2018 at 11:49 AM, Jakob Bohm via dev-security-policy wrote: 4. Selected company CAs for a handful of too-big-to-ignore companies that refuse to use a true public CA. This would currently probably be Microsoft, Amazon and Google. Th

Re: Updating Root Inclusion Criteria

2018-01-17 Thread Jakob Bohm via dev-security-policy
On 17/01/2018 23:03, Jonathan Rudenberg wrote: On Jan 17, 2018, at 16:24, Jakob Bohm via dev-security-policy wrote: On 17/01/2018 21:14, Jonathan Rudenberg wrote: On Jan 17, 2018, at 14:27, Jakob Bohm via dev-security-policy wrote: On 17/01/2018 16:13, Jonathan Rudenberg wrote: On Jan 1

Re: Updating Root Inclusion Criteria

2018-01-17 Thread Jonathan Rudenberg via dev-security-policy
> On Jan 17, 2018, at 16:24, Jakob Bohm via dev-security-policy > wrote: > > On 17/01/2018 21:14, Jonathan Rudenberg wrote: >>> On Jan 17, 2018, at 14:27, Jakob Bohm via dev-security-policy >>> wrote: >>> >>> On 17/01/2018 16:13, Jonathan Rudenberg wrote: > On Jan 17, 2018, at 09:54, Ale

Re: Updating Root Inclusion Criteria (organizations)

2018-01-17 Thread Peter Bowen via dev-security-policy
On Wed, Jan 17, 2018 at 11:49 AM, Jakob Bohm via dev-security-policy wrote: > 4. Selected company CAs for a handful of too-big-to-ignore companies > that refuse to use a true public CA. This would currently probably > be Microsoft, Amazon and Google. These should be admitted only on > a te

Re: Updating Root Inclusion Criteria

2018-01-17 Thread Jakob Bohm via dev-security-policy
On 17/01/2018 21:14, Jonathan Rudenberg wrote: On Jan 17, 2018, at 14:27, Jakob Bohm via dev-security-policy wrote: On 17/01/2018 16:13, Jonathan Rudenberg wrote: On Jan 17, 2018, at 09:54, Alex Gaynor via dev-security-policy wrote: Hi Wayne, After some time thinking about it, I struggl

Re: Updating Root Inclusion Criteria

2018-01-17 Thread Jonathan Rudenberg via dev-security-policy
> On Jan 17, 2018, at 14:27, Jakob Bohm via dev-security-policy > wrote: > > On 17/01/2018 16:13, Jonathan Rudenberg wrote: >>> On Jan 17, 2018, at 09:54, Alex Gaynor via dev-security-policy >>> wrote: >>> >>> Hi Wayne, >>> >>> After some time thinking about it, I struggled to articulate wh

Re: Updating Root Inclusion Criteria (organizations)

2018-01-17 Thread Jakob Bohm via dev-security-policy
As for what CA organizations to include in a future iteration of the Mozilla root store, I would say that there are 4 groups that I (as a browser user) would like to get included and 2 which I would not: 1. Global public CAs that provide certificates to subscribers from all over the world sub

Re: Updating Root Inclusion Criteria

2018-01-17 Thread Jakob Bohm via dev-security-policy
On 17/01/2018 16:13, Jonathan Rudenberg wrote: On Jan 17, 2018, at 09:54, Alex Gaynor via dev-security-policy wrote: Hi Wayne, After some time thinking about it, I struggled to articulate what the right rules for inclusion were. So I decided to approach this from a different perspective: w

Re: Updating Root Inclusion Criteria

2018-01-17 Thread Ryan Hurst via dev-security-policy
On Tuesday, January 16, 2018 at 3:46:03 PM UTC-8, Wayne Thayer wrote: > I would like to open a discussion about the criteria by which Mozilla > decides which CAs we should allow to apply for inclusion in our root store. > > Section 2.1 of Mozilla’s current Root Store Policy states: > > CAs whose

Re: Camerfirma's misissued certificate

2018-01-17 Thread Wayne Thayer via dev-security-policy
Thank you for reporting this misissuance. Since this is a different issue than described in bug 1390977, I have created a new bug to track this problem and your response: https://bugzilla.mozilla.org/show_bug.cgi?id=1431164 Please also post your incident report here. Also, the crt.sh link above is

Camerfirma's misissued certificate

2018-01-17 Thread Juan Angel Martin via dev-security-policy
Hello, I have to inform you about a misissued SSL certificate. OU contains non-printable control characters. https://crt.sh/?id=305441195 It has already been revoked. Regards Juan Angel Martin Gomez AC Camerfirma ___ dev-security-policy mailing list
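The defect reported above, control characters inside a subject attribute, is easy to check for when a certificate's Subject is at hand. The following is an added example, not code from Camerfirma or from anyone in this thread: a minimal DER walker that decodes an X.509 Name and flags every string attribute whose decoded value contains a Unicode control character (category Cc, which covers C0 controls, DEL and C1 controls). The small DER encoder exists only to construct an offline sample Name with a 0x01 byte in OU; the certificate at the crt.sh link is not fetched, and the sample values (Example Org, IT Dept, www.example.com) are constructed for the demonstration. In practice you would feed `lint_name` the raw Subject bytes pulled from a parsed certificate.

```python
import unicodedata

# Tag -> codec for the X.509 string types linted here.
# T61String is approximated as latin-1, as most tools do.
STRING_TAGS = {
    0x0C: "utf-8",      # UTF8String
    0x13: "ascii",      # PrintableString
    0x14: "latin-1",    # T61String (approximation)
    0x16: "ascii",      # IA5String
    0x1E: "utf-16-be",  # BMPString
}
OID_O, OID_OU, OID_CN = "2.5.4.10", "2.5.4.11", "2.5.4.3"


def _der_len(n):
    """DER definite-length encoding."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag, content):
    return bytes([tag]) + _der_len(len(content)) + content


def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der(0x06, bytes(out))


def build_name(rdns):
    """Encode Name ::= SEQUENCE OF SET OF AttributeTypeAndValue.
    rdns: list of (dotted_oid, string_tag, value), one attribute per RDN.
    Only used to construct the offline sample below."""
    body = b""
    for oid, tag, value in rdns:
        atv = der(0x30, der_oid(oid) + der(tag, value.encode(STRING_TAGS[tag])))
        body += der(0x31, atv)
    return der(0x30, body)


def _read_tlv(buf, pos):
    """Read one single-byte-tag TLV at pos; return (tag, content, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:end], end


def _decode_oid(content):
    first = content[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    val = 0
    for b in content[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(str(a) for a in arcs)


def lint_name(name_der):
    """Return [(oid, value)] for each string attribute whose value contains
    a control character (Unicode category Cc)."""
    tag, body, _ = _read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    findings, pos = [], 0
    while pos < len(body):
        stag, rdn, pos = _read_tlv(body, pos)
        if stag != 0x31:
            raise ValueError("RDN must be a SET")
        rpos = 0
        while rpos < len(rdn):
            _, atv, rpos = _read_tlv(rdn, rpos)
            _, oid_content, after = _read_tlv(atv, 0)
            vtag, vcontent, _ = _read_tlv(atv, after)
            codec = STRING_TAGS.get(vtag)
            if codec is None:
                continue  # not a string type we lint
            value = vcontent.decode(codec, errors="replace")
            if any(unicodedata.category(ch) == "Cc" for ch in value):
                findings.append((_decode_oid(oid_content), value))
    return findings


# Constructed sample (not the crt.sh certificate): OU carries a 0x01 byte.
BAD_NAME = build_name([
    (OID_O, 0x0C, "Example Org"),
    (OID_OU, 0x0C, "IT\x01Dept"),
    (OID_CN, 0x0C, "www.example.com"),
])
GOOD_NAME = build_name([
    (OID_O, 0x13, "Example Org"),
    (OID_OU, 0x13, "IT Dept"),
    (OID_CN, 0x13, "www.example.com"),
])

if __name__ == "__main__":
    print("bad :", lint_name(BAD_NAME))   # [('2.5.4.11', 'IT\x01Dept')]
    print("good:", lint_name(GOOD_NAME))  # []
```

The walker deliberately skips non-string attribute values rather than failing on them, so it can be run over every Subject in a corpus of certificates without choking on unusual attribute syntaxes; a finding is the attribute OID (2.5.4.11 is organizationalUnitName) together with the offending decoded value.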

Re: Compromised certificate for localhost.cmdm.comodo.net / Comodo ITSM

2018-01-17 Thread kurt--- via dev-security-policy
On Friday, January 12, 2018 at 8:33:42 AM UTC-7, Hanno Böck wrote: > Hi, > > Comodo ITSM (IT Service Management Software) runs an HTTPS server on > localhost and port 21185. The domain localhost.cmdm.comodo.net pointed > to localhost. > > It is obvious that with this setup the private key is part

Re: Third party use of OneCRL

2018-01-17 Thread umesh31--- via dev-security-policy
Hey JC, We have a very similar need and would like to use the OneCRL. We will have ~3000 clients pulling the OneCRL once per day. Hopefully, it is acceptable. -Umesh

Re: Updating Root Inclusion Criteria

2018-01-17 Thread Peter Bowen via dev-security-policy
On Tue, Jan 16, 2018 at 3:45 PM, Wayne Thayer via dev-security-policy wrote: > I would like to open a discussion about the criteria by which Mozilla > decides which CAs we should allow to apply for inclusion in our root store. > > Section 2.1 of Mozilla’s current Root Store Policy states: > > CAs

Re: Updating Root Inclusion Criteria

2018-01-17 Thread Jonathan Rudenberg via dev-security-policy
> On Jan 17, 2018, at 09:54, Alex Gaynor via dev-security-policy > wrote: > > Hi Wayne, > > After some time thinking about it, I struggled to articulate what the right > rules for inclusion were. > > So I decided to approach this from a different perspective: which is that I > think we should

Re: Updating Root Inclusion Criteria

2018-01-17 Thread Alex Gaynor via dev-security-policy
Hi Wayne, After some time thinking about it, I struggled to articulate what the right rules for inclusion were. So I decided to approach this from a different perspective: which is that I think we should design our other policies and requirements for CAs around what we'd expect for organizations

RE: Updating Root Inclusion Criteria

2018-01-17 Thread Tim Hollebeek via dev-security-policy
Wayne, I support "encouraging" those who are currently using the public web PKI for internal uses to move to their own private PKIs. The current situation is an artifact of the old notion that there should be a global "One CA List to Rule Them All" owned by the operating system, and everyone s

Re: CCADB disclosure of id-kp-emailProtection intermediates

2018-01-17 Thread Gervase Markham via dev-security-policy
On 17/01/18 10:25, Rob Stradling wrote: > However, the Stable version of the Mozilla Root Store Policy [2] still > says 15th January 2018. > > Surely the Stable version of the Policy is in force and the Draft > version is not yet in force? > > Perhaps Mozilla could consider publishing a v2.5.1 of

Re: Add Wayne Thayer as Peer of Mozilla's CA Certificates and CA Certificate Policy modules

2018-01-17 Thread Rob Stradling via dev-security-policy
+1 ISTM that Wayne is already doing an excellent job! On 16/01/18 22:03, Kathleen Wilson via dev-security-policy wrote: All, I propose adding Wayne Thayer as a peer[1] of Mozilla's CA Certificates Module[2] and CA Certificate Policy Module[3]. As you know, Wayne and I are distributing the jo

Re: CCADB disclosure of id-kp-emailProtection intermediates

2018-01-17 Thread Rob Stradling via dev-security-policy
On 17/01/18 09:21, Ryan Sleevi via dev-security-policy wrote: Specifically, https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a051J3mogw7 Ben, Ryan, Hmm, you're right. (I must've skipped over that disclosure deadline change because

Re: CCADB disclosure of id-kp-emailProtection intermediates

2018-01-17 Thread Ryan Sleevi via dev-security-policy
Specifically, https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a051J3mogw7 On Tue, Jan 16, 2018 at 6:06 PM, Ben Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > What about the Mozilla CA communication tha