On Tue, Apr 24, 2018 at 7:11 PM, Wayne Thayer wrote:
> Thanks Matthew, I appreciate you bringing this to everyone's attention.
>
> Unless I'm misunderstanding the scope of the attack, it would have been
> trivial for them to get a trusted cert from most any CA. However, according
> to the followi
On Tue, Apr 24, 2018 at 9:21 AM, Ryan Sleevi wrote:
>
>
> On Mon, Apr 23, 2018 at 6:12 PM, Wayne Thayer via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> I'm re-sending this with the subject tagged as a 'policy 2.6 proposal' in
>> case anyone missed it the first time.
Thanks Matthew, I appreciate you bringing this to everyone's attention.
Unless I'm misunderstanding the scope of the attack, it would have been
trivial for them to get a trusted cert from most any CA. However, according
to the following article, "Victims had to click through a HTTPS error
message,
On 4/24/18 2:47 PM, Henri Sivonen via dev-security-policy wrote:
> On Tue, Apr 24, 2018 at 11:03 PM, cbonnell--- via dev-security-policy
> wrote:
>> On Tuesday, April 24, 2018 at 4:33:24 PM UTC-4, Henri Sivonen wrote:
>>> On Tue, Apr 24, 2018 at 10:18 PM, Jeremy Rowley via
>>> dev-security-policy
On Tue, Apr 24, 2018 at 11:03 PM, cbonnell--- via dev-security-policy
wrote:
> On Tuesday, April 24, 2018 at 4:33:24 PM UTC-4, Henri Sivonen wrote:
>> On Tue, Apr 24, 2018 at 10:18 PM, Jeremy Rowley via
>> dev-security-policy wrote:
>> > That is correct. We use transliteration of non-latin names
On Tuesday, April 24, 2018 at 4:33:24 PM UTC-4, Henri Sivonen wrote:
> On Tue, Apr 24, 2018 at 10:18 PM, Jeremy Rowley via
> dev-security-policy wrote:
> > That is correct. We use transliteration of non-latin names through a system
> > recognized by ISO per Appendix D(1)(3)
>
> But "Säästöpankkil
On Tue, Apr 24, 2018 at 10:32 PM, Henri Sivonen wrote:
> On Tue, Apr 24, 2018 at 10:18 PM, Jeremy Rowley via
> dev-security-policy wrote:
>> That is correct. We use transliteration of non-latin names through a system
>> recognized by ISO per Appendix D(1)(3)
>
> But "Säästöpankkiliitto osk" is no
On Tue, Apr 24, 2018 at 10:18 PM, Jeremy Rowley via
dev-security-policy wrote:
> That is correct. We use transliteration of non-latin names through a system
> recognized by ISO per Appendix D(1)(3)
But "Säästöpankkiliitto osk" is not a non-Latin name! (It is a
non-ASCII name.) Also, no such trans
That is correct. We use transliteration of non-latin names through a system
recognized by ISO per Appendix D(1)(3)
-Original Message-
From: dev-security-policy
On Behalf Of cbonnell--- via dev-security-policy
Sent: Tuesday, April 24, 2018 7:12 AM
To: mozilla-dev-security-pol...@lists.mozi
I'm not sure I understand the use case. I'm hoping that they can clarify
more.
That is, it would seem valuable as part of the technical constraint
exercise to ensure the EKUs are restricted. This is particularly true due
to how nameConstraints work - they are blacklists (effectively), rather
tha
On Mon, Apr 23, 2018 at 6:12 PM, Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I'm re-sending this with the subject tagged as a 'policy 2.6 proposal' in
> case anyone missed it the first time.
>
> I am leaning toward option 2 as the best solution. The scope
This story is still breaking, but early indications are that:
1. An attacker at AS10297 (or a customer thereof) announced several more
specific subsets of some Amazon DNS infrastructure prefixes:
205.251.192-.195.0/24 205.251.197.0/24 205.251.199.0/24
2. It appears that AS10297 via peering arr
On Monday, April 23, 2018 at 3:34:38 PM UTC-4, Wayne Thayer wrote:
> Section 9.2.1 of the EVGLs is stricter, only permitting abbreviations. If
> this were an EV cert I would argue that it was misissued.
>
> On Mon, Apr 23, 2018 at 12:13 PM, Ryan Sleevi via dev-security-policy <
> dev-security-poli
13 matches