Re: Comodo password exposed in GitHub allowed access to internal Comodo files

On 28/07/2019 00:41, Nick Lamb wrote: On Sun, 28 Jul 2019 00:06:38 +0200 Ángel via dev-security-policy wrote: A set of credentials mistakenly exposed in a public GitHub repository owned by a Comodo software developer allowed access to internal Comodo documents stored in OneDrive and SharePoint

Re: Entrust Root Certification Authority - G4 Inclusion Request

On Friday, July 26, 2019 at 1:25:13 PM UTC-4, Wayne Thayer wrote: > ==Meh== > * BR section 2.2 requires section 4.2 of a CA’s CP and/or CPS to “clearly > specify the set of Issuer Domain Names that the CA recognises in CAA > "issue" or "issuewild" records as permitting it to issue.” The Entrust C

Re: Disclosure and CP/CPS for Cross-Signed Roots

On Wed, 24 Jul 2019 16:41:53 + Rob Stradling via dev-security-policy wrote: > [Wearing crt.sh hat] > > https://crt.sh/mozilla-disclosures now has two new buckets: > - Disclosed, but with Inconsistent Audit details > - Disclosed, but with Inconsistent CP/CPS details > > (I started discussing

SwissSign: Misissuance of Leaf Certificates because of incorrect postcode

Issue description: Misissuing of two leaf certificates because of incorrect postcode. For the certificates listed below, the postalCode= contained '1260 Nyon' instead of ‘1260’ only. This is an incident report for the issue above according to https://wiki.mozilla.org/CA/Responding_To_An_Inciden