On 2019-08-13 05:27, Peter Gutmann wrote:
Wayne Thayer via dev-security-policy
writes:
Mozilla has announced that we plan to relocate the EV UI in Firefox 70, which
is expected to be released on 22-October. Details below.
Just out of interest, how are the CAs taking this? If there's no mor
For EV certificate being useful in email, email client software should
give a special EV treatment to such certificate. I am not aware of any
email client software that support any special EV treatment at all. Do
you have more information to share with us?
-- Man Ho
On 13-Aug-19 5:12 PM, Kur
DO NOT SHIP THIS. Revert the change immediately and request a CVE
number for the nightlies with this change included.
That Chrome does something harmful is not surprising, and is no
justification for a supposedly independent browser to do the same.
A policy of switching from positive to negativ
在 2019年8月13日星期二 UTC+8下午5:57:38,Man Ho写道:
> For EV certificate being useful in email, email client software should
> give a special EV treatment to such certificate. I am not aware of any
> email client software that support any special EV treatment at all. Do
> you have more information to sha
Dear m.d.s.p.,
I would like to bring into discussion the use of certificate/public key pinning
and the impacts on the 5-days period for certificate revocation according to BR
§4.9.1.1.
Recently, we (Multicert) had to rollout a general certificate replacement due
to the serial number entropy is
On Mon, 12 Aug 2019, Nuno Ponte via dev-security-policy wrote:
Recently, we (Multicert) had to rollout a general certificate replacement due
to the serial number entropy issue. Some of the most troubled cases to replace
the certificates were customers doing certificate pinning on mobile apps.
On Friday, July 26, 2019 at 1:25:13 PM UTC-4, Wayne Thayer wrote:
> ==Bad==
> * The most recent BR audit report lists two additional qualifications
> related to the Network Security requirements:
> ** During the Period, there were instances of some Certificate Systems not
> undergoing a Vulnerabi
PKP is a footgun. Deploying it without being prepared for the
situations you've described is ill-advised. There's a few options
available for organizations who want to pin, in increasing order of
sophistication:
Enforce Certificate Transparency. You're not locked into any CA or
key, only that th
I feel that there's a great deal of consultancy and assistance that CAs and
PKI professionals could bring to their more sophisticated customers with
scenarios such as these where public key pinning an a field-deployed
application may present problems for certificates being revoked.
A best practice
On 8/8/19 9:03 AM, Ryan Sleevi wrote:
On Wed, Aug 7, 2019 at 6:28 PM Kathleen Wilson via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
I have been working towards extending Audit Letter Validation (ALV) to
intermediate certificate records in the CCADB. This is involving so
This request is for inclusion of the Microsoft RSA Root Certificate
Authority 2017, Microsoft ECC Root Certificate Authority 2017, Microsoft EV
RSA Root Certificate Authority 2017, and Microsoft EV ECC Root Certificate
Authority 2017 trust anchors as documented in the following bug:
https://bugzill
I share the opinion with Jakob, except with the CVE. Please remove this change.
It is unnecessary and kills the EV market.
But if you insist on keeping that UI change, maybe you can at least give the
lock symbol a different color if it is an EV cert?
__
Daniel Marschall via dev-security-policy
writes:
>I share the opinion with Jakob, except with the CVE. Please remove this
>change. It is unnecessary and kills the EV market.
And that was my motivation for the previous question: We know from a decade of
data that EV certs haven't made any differ
13 matches
Mail list logo
