Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-26 Thread Jonathan Rudenberg via dev-security-policy
On Mon, Aug 26, 2019, at 20:44, Jakob Bohm via dev-security-policy wrote: > On 26/08/2019 21:49, Jonathan Rudenberg wrote: > > On Mon, Aug 26, 2019, at 15:01, Jakob Bohm via dev-security-policy wrote: > >> and > >> both

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-26 Thread Jakob Bohm via dev-security-policy
On 26/08/2019 21:49, Jonathan Rudenberg wrote: > On Mon, Aug 26, 2019, at 15:01, Jakob Bohm via dev-security-policy wrote: >> and >> both took advantage of weaknesses in two >> government registries to create actual dummy

2019.08.20 Let’s Encrypt Incident: Incorrect OCSP responses under certain conditions

2019-08-26 Thread Josh Aas via dev-security-policy
On 2019.08.20 at 08:48 UTC we received a report from community member and Apache httpd developer, Stefan Eissing, that under certain conditions our OCSP caching layer would return a valid OCSP response but not the one that was requested. This resulted in our OCSP service acting in violation of

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-26 Thread James Burton via dev-security-policy
Jakob, Before I touch on your comments, I wanted to point out that I am fairly well known in the CA industry even back then and that fact might have tainted the results slightly because I am treated somewhat differently to other orders as the validation staff look more carefully at the

Re: Fwd: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-26 Thread Matt Palmer via dev-security-policy
On Mon, Aug 26, 2019 at 05:39:14AM -0700, Josef Schneider via dev-security-policy wrote: > Sure I can register a company and get an EV certificate for that company. > But can I do this completely anonymous like getting a DV cert? Yes. > Nobody is arguing that EV certificates are perfect and

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-26 Thread Jonathan Rudenberg via dev-security-policy
On Mon, Aug 26, 2019, at 15:01, Jakob Bohm via dev-security-policy wrote: > and > both took advantage of weaknesses in two > government registries to create actual dummy companies with misleading > names, then trying to get

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-26 Thread Jakob Bohm via dev-security-policy
On 24/08/2019 05:55, Tom Ritter wrote: On Fri, 23 Aug 2019 at 22:53, Daniel Marschall via dev-security-policy wrote: On Friday, 23 August 2019 00:50:35 UTC+2, Ronald Crane wrote: On 8/22/2019 1:43 PM, kirkhalloregon--- via dev-security-policy wrote: Whatever the merits of EV (and perhaps

Re: Fwd: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-26 Thread Ronald Crane via dev-security-policy
On 8/26/2019 5:39 AM, Josef Schneider via dev-security-policy wrote: On Sunday, 18 August 2019 20:05:42 UTC+2, Ronald Crane wrote: On 8/18/2019 12:39 AM, Leo Grove via dev-security-policy wrote: Deploying a Stripe Inc EV SSL from a state other than CA is one thing, but using an EV SSL in

Re: Fwd: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-26 Thread Wayne Thayer via dev-security-policy
On Mon, Aug 26, 2019 at 5:39 AM Josef Schneider via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > On Sunday, 18 August 2019 20:05:42 UTC+2, Ronald Crane wrote: > > On 8/18/2019 12:39 AM, Leo Grove via dev-security-policy wrote: > > > Deploying a Stripe Inc EV SSL from a

Re: Fwd: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-26 Thread Josef Schneider via dev-security-policy
On Sunday, 18 August 2019 20:05:42 UTC+2, Ronald Crane wrote: > On 8/18/2019 12:39 AM, Leo Grove via dev-security-policy wrote: > > Deploying a Stripe Inc EV SSL from a state other than CA is one thing, but > > using an EV SSL in conjunction with a domain name and website with the true > >