On Wed, Dec 5, 2018 at 2:36 AM Fotis Loukos via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 4/12/18 8:30 μ.μ., Ryan Sleevi via dev-security-policy wrote:
> > On Tue, Dec 4, 2018 at 5:02 AM Fotis Loukos <
> me+mozdevsecpol...@fotisl.com>
>
> As far as I can tell, if no
> On Dec 5, 2018, at 16:49, Jakob Bohm via dev-security-policy
> wrote:
>
>
>
> Another question of relevance:
>
> Does the applicable VPN hardware and software (Cisco VPN servers and
> compatible VPN clients) work with certificates that omit all the TLS-
> related EKUs, thus allowing
On 05/12/2018 20:45, Wayne Thayer wrote:
.On Wed, Dec 5, 2018 at 1:58 PM dr. Sándor Szőke via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
...
>
Further actions made:
Microsec modified the CISCO VPN server policy to issue the
certificates only for two years in
On Wed, Dec 5, 2018 at 3:48 AM Dimitris Zacharopoulos via
dev-security-policy wrote:
> On 5/12/2018 10:02 π.μ., Fotis Loukos wrote:
>
> > The proposal was apparently to further restrict the ability of CAs to
> > make exceptions on their own, by requiring all such exceptions to go
> > through the
On 05/12/2018 01:05, Nick Lamb wrote:
> On Tue, 4 Dec 2018 14:55:47 +0100
> Jakob Bohm via dev-security-policy
> wrote:
>
>> Oh, so you meant "CA issuance systems and protocols with explicit
>> automation features" (as opposed to e.g. web server systems or
>> operating systems or site specific
On Wed, Dec 5, 2018 at 7:53 AM Wojciech Trapczyński
wrote:
> Ryan, thank you for your comment. The answers to your questions below:
>
Again, thank you for filing a good post-mortem.
I want to call out a number of positive things here rather explicitly, so
that it hopefully can serve as a
On 05/12/2018 19:45, Wayne Thayer wrote:
..On Wed, Dec 5, 2018 at 1:58 PM dr. Sándor Szőke via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
6./
Explanation about how and why the mistakes were made or bugs introduced,
and how they avoided detection until now.
Microsec
.On Wed, Dec 5, 2018 at 1:58 PM dr. Sándor Szőke via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> 1./
> How your CA first became aware of the problem (e.g. via a problem report
> submitted to your Problem Reporting Mechanism, a discussion in
>
1./
How your CA first became aware of the problem (e.g. via a problem report
submitted to your Problem Reporting Mechanism, a discussion in
mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the
time and date.
2018-11-29 20:15 CET
Microsec received a notification email
On 5/12/2018 10:02 π.μ., Fotis Loukos wrote:
On 4/12/18 8:29 μ.μ., Dimitris Zacharopoulos via dev-security-policy wrote:
Fotis,
You have quoted only one part of my message which doesn't capture the
entire concept.
I would appreciate it if you mentioned how exactly did I distort your
proposal
On 4/12/18 8:29 μ.μ., Dimitris Zacharopoulos via dev-security-policy wrote:
> Fotis,
>
> You have quoted only one part of my message which doesn't capture the
> entire concept.
I would appreciate it if you mentioned how exactly did I distort your
proposal and which parts that change the meaning
11 matches
Mail list logo