My opinion:
The CA/B Forum Baseline Requirements only apply to certificates which chain to
publicly trusted roots. This is made clear in the preamble of the document:
This document describes an integrated set of technologies, protocols,
identity-proofing, lifecycle management, and auditing
Hey all,
We're working towards revoking certs with underscore characters in the
domain name, per SC12, but I had a question about legacy Symantec systems
and Mozilla. These particular roots are no longer trusted for TLS certs in
Google or Mozilla, which means the applicability of the BRs is
I have update the bug [1] and recommended approval of this emSign root
inclusion request.
- Wayne
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1442337
On Tue, Nov 27, 2018 at 10:19 AM Wayne Thayer wrote:
> I've reviewed the updated CPS and these period-of-time audit statements -
> I have
On Wed, Dec 12, 2018 at 9:13 AM Sándor dr. Szőke via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> Thank you for the detailed answer, I think that the requirement is clear
> for us now.
>
> The misunderstanding was caused by the different usage of the term 'Test
>
2018. december 11., kedd 19:51:45 UTC+1 időpontban Doug Beattie a következőt
írta:
> Option 1 is the intended interpretation. We specified 30 days because the
> tokens used for domain validation (Random Number) need to have a useful life
> of 30 days. The 30-day usage period needed to be put
As a follow-up, The certificate was revoked about 2 hours ago:
https://crt.sh/?id=300288180=ocsp
-Original Message-
From: Doug Beattie
Sent: Tuesday, December 11, 2018 8:09 AM
To: 'dev-security-policy@lists.mozilla.org'
Cc: 'Xiaoyin Liu' ; Mark Steward
Subject: RE: SSL private
6 matches
Mail list logo