Re: DEFCON Talk - Lost and Found Certificates

2018-08-20 Thread Michael Casadevall via dev-security-policy
On 08/19/2018 12:56 PM, Eric Mill via dev-security-policy wrote:
> On Thu, Aug 16, 2018 at 6:52 PM Jakob Bohm via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> It seems that my response to this presentation has brought out the crowd
>> of people who are constantly

Re: Telia CA - problem in E validation

2018-08-20 Thread Jakob Bohm via dev-security-policy
On 20/08/2018 10:06, pekka.lahtiha...@teliasonera.com wrote: In our implementation E value in our certificates was "true" if it passed our technical and visual verification. If the BR requirement is to do "any" verification for E then the verification techniques we used should be OK. We think

Re: GoDaddy Revocation Disclosure

2018-08-20 Thread Daymion Reynolds via dev-security-policy
On Monday, August 20, 2018 at 10:40:15 AM UTC-7, Wayne Thayer wrote:
> Thank you for the disclosure Daymion. I have created bug 1484766 to track
> this issue. I've requested an incident report to help the community better
> understand what happened and what can and is being done to prevent similar

Re: GoDaddy Revocation Disclosure

2018-08-20 Thread Wayne Thayer via dev-security-policy
Thank you for the disclosure Daymion. I have created bug 1484766 to track this issue. I've requested an incident report to help the community better understand what happened and what can and is being done to prevent similar problems in the future, as described in the last two topics [1]: 6.

Re: GoDaddy Revocation Disclosure

2018-08-20 Thread Daymion Reynolds via dev-security-policy
On Saturday, August 18, 2018 at 2:27:05 PM UTC-7, Ben Laurie wrote:
> On Fri, 17 Aug 2018 at 18:22, Daymion Reynolds via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > Revoke Disclosure
> >
> > GoDaddy has been proactively performing self-audits. As part of this
> >

RE: A vision of an entirely different WebPKI of the future...

2018-08-20 Thread Tim Hollebeek via dev-security-policy
The only thing I'm going to say in this thread is that ICANN, registrars, and registries had two years to figure out how to handle GDPR and email addresses in WHOIS, and we all know how that turned out. Maybe we should let them figure out how to handle their existing responsibilities before we

Re: Telia CA - problem in E validation

2018-08-20 Thread Ryan Sleevi via dev-security-policy
On Mon, Aug 20, 2018 at 4:06 AM, pekka.lahtiharju--- via dev-security-policy wrote:
> In our implementation E value in our certificates was "true" if it passed
> our technical and visual verification. If the BR requirement is to do "any"
> verification for E then the verification techniques we

Re: Telia CA - problem in E validation

2018-08-20 Thread pekka.lahtiharju--- via dev-security-policy
In our implementation E value in our certificates was "true" if it passed our technical and visual verification. If the BR requirement is to do "any" verification for E then the verification techniques we used should be OK. We think that BR has meant that both OU and E are based on values