Re: When should honest subscribers expect sudden (24 hours / 120 hours) revocations?

2018-12-29 Thread Peter Bowen via dev-security-policy
On Thu, Dec 27, 2018 at 8:43 PM Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > So absent a bad CA, I wonder where there is a rule that subscribers > should be ready to quickly replace certificates due to actions far > outside their own control. Consider

Re: When should honest subscribers expect sudden (24 hours / 120 hours) revocations?

2018-12-29 Thread Matt Palmer via dev-security-policy
On Sat, Dec 29, 2018 at 06:26:09PM -0500, Lee via dev-security-policy wrote: > On 12/29/18, Ryan Sleevi wrote: > > On Sat, Dec 29, 2018 at 10:24 AM Lee wrote: > > > >> > It does not seem like a productive discussion will emerge if the > >> > ontology > >> > is going to be honest/dishonest

Re: Underscore domains?

2018-12-29 Thread Matt Palmer via dev-security-policy
On Sat, Dec 29, 2018 at 02:40:10PM -0800, Lewis Resmond via dev-security-policy wrote: > I am not 100% sure, but I have read that underscores can exist in domain > names: > https://stackoverflow.com/questions/2180465/can-domain-name-subdomains-have-an-underscore-in-it Correct, but irrelevant

Re: When should honest subscribers expect sudden (24 hours / 120 hours) revocations?

2018-12-29 Thread Lee via dev-security-policy
On 12/29/18, Ryan Sleevi wrote: > On Sat, Dec 29, 2018 at 10:24 AM Lee wrote: > >> > It does not seem like a productive discussion will emerge if the >> > ontology >> > is going to be honest/dishonest participants. >> >> I think it's an excellent distinction. An honest subscriber won't >>

Re: Underscore domains?

2018-12-29 Thread Lewis Resmond via dev-security-policy
I am not 100% sure, but I have read that underscores can exist in domain names: https://stackoverflow.com/questions/2180465/can-domain-name-subdomains-have-an-underscore-in-it In another thread of this newsgroup, I saw a list of certificates to be revoked because of the underscore issue. And

Re: When should honest subscribers expect sudden (24 hours / 120 hours) revocations?

2018-12-29 Thread Ryan Sleevi via dev-security-policy
On Sat, Dec 29, 2018 at 10:24 AM Lee wrote: > > It does not seem like a productive discussion will emerge if the ontology > > is going to be honest/dishonest participants. > > I think it's an excellent distinction. An honest subscriber won't > deliberately attempt to spread malware. But I like

Re: When should honest subscribers expect sudden (24 hours / 120 hours) revocations?

2018-12-29 Thread Jakob Bohm via dev-security-policy
On 29/12/2018 15:32, Ryan Sleevi wrote: > On Fri, Dec 28, 2018 at 11:21 PM Jakob Bohm via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >>> My guess is all CAs have something like >>> https://www.digicert.com/certificate-terms/ >>> 15. Certificate Revocation.

Re: When should honest subscribers expect sudden (24 hours / 120 hours) revocations?

2018-12-29 Thread Lee via dev-security-policy
On 12/29/18, Ryan Sleevi via dev-security-policy wrote: > On Fri, Dec 28, 2018 at 11:21 PM Jakob Bohm via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> > My guess is all CAs have something like >> >https://www.digicert.com/certificate-terms/ >> > 15. Certificate

Re: When should honest subscribers expect sudden (24 hours / 120 hours) revocations?

2018-12-29 Thread Lee via dev-security-policy
On 12/28/18, Jakob Bohm via dev-security-policy wrote: > On 28/12/2018 19:44, Lee wrote: >> On 12/27/18, Jakob Bohm via dev-security-policy >> wrote: >>> Looking at the BRs, specifically BR 4.9.1, the reasons that can lead >>> to fast revocation fall into a few categories / groups: >> <..

Re: When should honest subscribers expect sudden (24 hours / 120 hours) revocations?

2018-12-29 Thread Ryan Sleevi via dev-security-policy
On Fri, Dec 28, 2018 at 11:21 PM Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > > My guess is all CAs have something like > > https://www.digicert.com/certificate-terms/ > > 15. Certificate Revocation. DigiCert may revoke a Certificate without > > notice