This request is for inclusion of the Chunghwa Telecom eCA as documented in
the following bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1341604
* BR Self Assessment is here:
https://bugzilla.mozilla.org/attachment.cgi?id=8963172
* Summary of Information Gathered and Verified:
I have incorporated the final changes from our policy discussions, as well
as some corrections and clarifications that Kathleen and I found during our
review, into the latest draft of the policy:
https://github.com/mozilla/pkipolicy/compare/master...2.6 I would encourage
everyone to review the
On Friday, May 18, 2018 at 10:52:25 AM UTC-7, Tim Hollebeek wrote:
> > Our logging of the CAA records processed does not provide the case
> > information we need to determine whether other issuances were affected by
> > this bug.
>
> We put a requirement in the BRs specifically so this problem
This same information has also been posted to
https://bugzilla.mozilla.org/show_bug.cgi?id=1461391
Andrew Ayer reported this problem report to mailto:sslab...@comodoca.com:
<<<
I was able to obtain a certificate from Comodo that was not properly
validated under the Baseline Requirements, as
> Our logging of the CAA records processed does not provide the case
> information we need to determine whether other issuances were affected by
> this bug.
We put a requirement in the BRs specifically so this problem could not occur:
"The CA SHALL log all actions taken, if any, consistent with
Oops, I missed item 1, disregard :)
On Fri, May 18, 2018, at 13:45, Jonathan Rudenberg via dev-security-policy
wrote:
> On Fri, May 18, 2018, at 13:00, josh--- via dev-security-policy wrote:
> > 2. Performing a scan of current CAA records for the domain names we have
> > issued for in the past
On Fri, May 18, 2018, at 13:00, josh--- via dev-security-policy wrote:
> 2. Performing a scan of current CAA records for the domain names we have
> issued for in the past 90 days, specifically looking for tags in CAA
> records with non-lowercase characters. We’ll examine such instances on a
>
At 12:45 UTC we received a report to our cert-prob-repo...@letsencrypt.org
contact address that Let’s Encrypt was improperly handling CAA records with
mixed case tags, resulting in mis-issuance under the baseline requirements.
Thanks to Corey Bonnell of TrustWave for the report.
RFC 6844
8 matches
Mail list logo