Transfer of QuoVadis to DigiCert

2019-01-14 Thread Jeremy Rowley via dev-security-policy
Hey all, You may have seen that DigiCert is purchasing the QuoVadis PKI from WISeKey, including all public root operations. With the closing date drawing closer, I wanted to start the discussion and give the Mozilla community the notice required under Section 8 of the Mozilla CA policy. Let

Re: Request to Include Hongkong Post Root CA 3

2019-01-14 Thread Matt Palmer via dev-security-policy
On Mon, Jan 14, 2019 at 05:18:18PM -0700, Wayne Thayer via dev-security-policy wrote: > * Fairly recent misissuance under the currently included Hong Kong Post > Root CA 1: O and OU fields too long [4]. These certificates have all been > revoked, but no incident report was ever filed. I think

Re: Request to Include Hongkong Post Root CA 3

2019-01-14 Thread Man Ho via dev-security-policy
On 15-Jan-19 12:31 PM, Ian Carroll via dev-security-policy wrote: > from looking at [3] I think it should be a > very negative mark against a CA to have to OneCRL one of their > intermediates. [3] was reported and discussed three years ago. When I look at it positively today, it does remind me

Re: Request to Include Hongkong Post Root CA 3

2019-01-14 Thread Ian Carroll via dev-security-policy
I do not usually comment on new CA applications, so take this with whatever grain of salt you'd like, but from looking at [3] I think it should be a very negative mark against a CA to have to OneCRL one of their intermediates. If the CA is not committed to closely following web PKI standards, it's

Re: Request to Include Hongkong Post Root CA 3

2019-01-14 Thread mirro860923--- via dev-security-policy
On Tuesday, January 15, 2019 at 8:58:30 AM UTC+8, David E. Ross wrote: > On 1/14/2019 4:18 PM, Wayne Thayer wrote: > > This request is for inclusion of the Government of Hong Kong, Hongkong > > Post, Certizen Hongkong Post Root CA 3 trust anchor as documented in the > > following bug:

Re: Request to Include Hongkong Post Root CA 3

2019-01-14 Thread Wayne Thayer via dev-security-policy
On Mon, Jan 14, 2019 at 5:58 PM David E. Ross via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > I would think that lack of a CP alone would disqualify this root. > > Does it? I'm not saying that there is missing information, only that the document is called a "CPS" rather

Re: Request to Include Hongkong Post Root CA 3

2019-01-14 Thread David E. Ross via dev-security-policy
On 1/14/2019 4:18 PM, Wayne Thayer wrote: > This request is for inclusion of the Government of Hong Kong, Hongkong > Post, Certizen Hongkong Post Root CA 3 trust anchor as documented in the > following bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1464306 > > * BR Self Assessment is here: >

Request to Include Hongkong Post Root CA 3

2019-01-14 Thread Wayne Thayer via dev-security-policy
This request is for inclusion of the Government of Hong Kong, Hongkong Post, Certizen Hongkong Post Root CA 3 trust anchor as documented in the following bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1464306 * BR Self Assessment is here:

Re: usareally.com and OFAC lists

2019-01-14 Thread Wayne Thayer via dev-security-policy
On Fri, Jan 11, 2019 at 11:51 AM Doug Beattie via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > A few of us have been discussing the usareally.com "issue" recently. In > case you didn't know, the US Treasury put out a notice that US companies > must not do business with

Re: Do we need multiple name constraints on one certificate chain?

2019-01-14 Thread Wayne Thayer via dev-security-policy
On Mon, Jan 14, 2019 at 9:57 AM Ryan Sleevi via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Mon, Jan 14, 2019 at 11:10 AM tadahiko.ito.public--- via > dev-security-policy wrote: > > > Hi > > > > I have question for following case of certificate chain. > > (root

Re: Do we need multiple name constraints on one certificate chain?

2019-01-14 Thread Ryan Sleevi via dev-security-policy
On Mon, Jan 14, 2019 at 11:10 AM tadahiko.ito.public--- via dev-security-policy wrote: > Hi > > I have question for following case of certificate chain. > (root cert)--(1st intermediate cert)--(2nd intermediate cert)--(EE cert) > In addition, "1st intermediate cert" is for technically

Do we need multiple name constraints on one certificate chain?

2019-01-14 Thread tadahiko.ito.public--- via dev-security-policy
Hi I have question for following case of certificate chain. (root cert)--(1st intermediate cert)--(2nd intermediate cert)--(EE cert) In addition, "1st intermediate cert" is for technically constrained with name constraints (including server-auth EKU).     I believe we Must put EKU

Re: Test website monitor

2019-01-14 Thread Rob Stradling via dev-security-policy
On 14/01/2019 08:09, westmail24--- via dev-security-policy wrote: > This URL ( https://crt.sh/test-websites ) does not work (~5 days) Fixed. Thanks. -- Rob Stradling Senior Research & Development Scientist Sectigo Limited

Re: Test website monitor

2019-01-14 Thread westmail24--- via dev-security-policy
This URL ( https://crt.sh/test-websites ) does not work (~5 days) ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy