Re: Disclosure and CP/CPS for Cross-Signed Roots

2019-07-24 Thread Wayne Thayer via dev-security-policy
Thank you Rob! These are excellent additions to this report. I'd like to ask all the CA representatives on this list to take a look at the updated report (https://crt.sh/mozilla-disclosures) and correct any issues with your company's disclosures as soon as possible. Regarding Peter's earlier

Re: Nation State MITM CA's ?

2019-07-24 Thread Matthew Hardeman via dev-security-policy
This is not at all a safe assumption. If they care to know and have active MITM infrastructure in place, the last time I looked at the issue, identifying which browser was in use (and generally speaking which operating system or set of operating systems) was fairly trivial by fingerprinting the

Re: Nation State MITM CA's ?

2019-07-24 Thread jfb1776--- via dev-security-policy
The government sending out SMSes to tell users to install the certificate doesn't (until the certificate is installed) know what browser the user is using. So, in addition to blacklisting the certificate, have it pop up a big, horrible message "Your government wants to use this to spy on you. It

Re: Disclosure and CP/CPS for Cross-Signed Roots

2019-07-24 Thread Rob Stradling via dev-security-policy
[Wearing Sectigo hat] Andrew, thanks for filing [1]. Sectigo will provide a full response on that bug, but I'll just note here that we have updated the CCADB records for the cross-certificates such that the Audit and CP/CPS details are now consistent with the Web.com roots. As it happens, I

Re: DarkMatter CAs in Google Chrome and Android

2019-07-24 Thread Scott Rea via dev-security-policy
G’day Devon et al, Can you please detail the reason behind Google withdrawing trust for the UAE NPKI intermediates? Can you also please provide the timeline for the in-band delivery of the restriction by Google? As you can imagine this will have catastrophic impact for existing customers and