On 16/08/2018 21:51, Matthew Hardeman wrote:
Of late, there seems to be an ever increasing number of misissuances of various
forms arising.
Despite certificate transparency, increased use of linters, etc, it's virtually
impossible to find any CA issuing in volume that hasn't committed some
On 16/08/2018 16:24, Eric Mill wrote:
On Wed, Aug 15, 2018 at 6:36 AM Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
I'd like to call this presentation to everyone's attention:
Title: Lost and Found Certificates: dealing with residual certificates for
On Thursday, August 16, 2018 at 3:34:01 PM UTC-5, Paul Wouters wrote:
> Why would people not in the business of being a CA do a better job than
> those currently in the CA business?
I certainly do not assert that there would be no learning curve. However,
these same registries for the generic
On Thursday, August 16, 2018 at 3:18:38 PM UTC-5, Wayne Thayer wrote:
> What problem(s) are you trying to solve with this concept? If it's
> misissuance as broadly defined, then I'm highly skeptical that Registry
> Operators - the number of which is on the same order of magnitude as CAs
> [1] -
Thank you for responding on behalf of ETSI ESI and ACABc! I believe that
this is an important topic and I hope that ETSI ESI and ACABc members will
continue to participate in the discussion.
On Thu, Aug 16, 2018 at 11:11 AM clemens.wanko--- via dev-security-policy <
On Thu, 16 Aug 2018, Matthew Hardeman via dev-security-policy wrote:
1. Run one or more root CAs
Why would people not in the business of being a CA do a better job than
those currently in the CA business?
I recognize it's a radical departure from what is. I'm interested in
understanding
What problem(s) are you trying to solve with this concept? If it's
misissuance as broadly defined, then I'm highly skeptical that Registry
Operators - the number of which is on the same order of magnitude as CAs
[1] - would perform better than existing CAs in this regard. You also need
to consider
Of late, there seems to be an ever increasing number of misissuances of various
forms arising.
Despite certificate transparency, increased use of linters, etc, it's virtually
impossible to find any CA issuing in volume that hasn't committed some issuance
sin.
Simultaneously, there seems to be
I posted this to Bugzilla last night. Basically, we had an issue with
validation that resulted in some certs issuing without proper (post-Aug 1)
domain verification. Still working out how many. The major reason was lack
of training by the validation staff combined with a lack of strict document
What about all of the other audit firms?
From: Wayne Thayer
Sent: Wednesday, August 15, 2018 1:09 PM
To: Ben Wilson
Cc: Ryan Sleevi; mozilla-dev-security-policy
Subject: Re: Misissuance and BR Audit Statements
I went ahead and noted these DigiCert audits as a concern on the CCADB
Dear all,
this is a joint response from ETSI ESI and ACABc:
ETSI have published a supplement to its audit requirements specifically to
address specific requirements of Mozilla, and other CA/Browser Forum members,
for auditing Trust Service Providers that issue Publicly-Trusted Certificates
TS
On Thu, Aug 16, 2018 at 7:25 AM Eric Mill wrote:
>
> I think this paper provides a good impetus to look at further shortening
> certificate lifetimes down to 13 months. That would better match the annual
> cadence of domain registration so that there's a smaller window of time
> beyond domain
Hey Everyone,
Author here, happy to answer any questions. Wayne did a good job summarizing
the two problems, MitM and DoS. Basically there should be extra caution
whenever sharing a certificate between different users/organizations. And we'd
like to suggest that CAs not issue certificates
On Wed, Aug 15, 2018 at 11:41 AM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 14/08/2018 02:10, Wayne Thayer wrote:
> > I'd like to call this presentation to everyone's attention:
> >
> > Title: Lost and Found Certificates: dealing with residual
On Wed, Aug 15, 2018 at 6:36 AM Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I'd like to call this presentation to everyone's attention:
>
> Title: Lost and Found Certificates: dealing with residual certificates for
> pre-owned domains
>
> Slide deck:
>
>
15 matches