This post links to https://bugzilla.mozilla.org/show_bug.cgi?id=1506607
Issue description:
Misissuing of Intermediate Certificates because of incorrect
organizationIdentifier
For the intermediate CA listed below the organizationIdentifier=
NTRL-FL-0002.523.017-8 is wrong. The correct value is
Jakob,
Please see
https://groups.google.com/d/msg/mozilla.dev.security.policy/Q9whve-HJfM/lpwKQXOfAgAJ
, which was already provided previously.
It includes details regarding T-Systems areas of non-compliance that were
1) Demonstrably not identified by the auditor
2) Covered by existing audit
When the ballot said "... would result in a valid domain label", does it
mean that "... would result in a valid domain name of the applicant,
that has passed the same level of domain authorization (DV, OV, EV) check?
Secondly, is it necessary for CAs to state their practice of handling
Ryan,
Could you please provide, in a single message, a list of all the
supposedly multiple failures by TUVIT, clearly marking each if it is:
Subject O: [Other] A failure outside the specific subjects below.
Subject D: [Discussion] A failure by TUVIT to satisfactorily answer your
questions
As you may be aware, the CA/Browser Forum recently passed ballot SC12 [1]
creating a sunset period for TLS certificates containing an underscore
("_") character in the SAN. This practice was widespread until a year ago
when it was pointed out that underscore characters are not permitted in
dNSName
Nick,
I find your continued suggestions to be actively harmful - to the
discussion, for sure, but also to the reputation of ETSI.
You've attempted to frame this, again, as an either/or approach - that is,
that we can only have one of these discussions. You've attempted to
"thread-jack" the
Ryan,
I see the main question is what is the most productive way ahead. We can
continue discussing a specific concern in the context of just 1 of the European
auditor, or work in the EU on a considered approach to all the concerns which
can be applied to all European based audits. The first
Ryan,
The difference in opinion seems to be which approach is most productive.
Targeting particular concerns at an individual auditor or clearly stating all
your concerns on European based audits for PTC so that we can come back come
back with a common decision how, through ETSI standards and
8 matches
Mail list logo