On 3/18/20 5:16 PM, Ryan Sleevi wrote:
Suggestions:
1) Rename "Audit Delay" to [audit-delay] and rename "Audit Delay COVID-19"
to [audit-delay] [covid-19] or [audit-delay-covid-19], depending
Rationale: In general, our filters work on word searches, so the brackets
help distinguish the
On Thu, Mar 19, 2020 at 7:06 PM Matt Palmer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Thu, Mar 19, 2020 at 12:33:29PM -0400, Ryan Sleevi wrote:
> > I'm not sure an incident report is necessary. The CCADB policy allows both
> > to be provided, and the
On Thu, Mar 19, 2020 at 12:33:29PM -0400, Ryan Sleevi wrote:
> I'm not sure an incident report is necessary. The CCADB policy allows both
> to be provided, and the mechanisms that CCADB uses (both for CAs and for
> Root Stores) permit a host of expressiveness (and further changes are being
>
Matt,
I'm not sure an incident report is necessary. The CCADB policy allows both
to be provided, and the mechanisms that CCADB uses (both for CAs and for
Root Stores) permit a host of expressiveness (and further changes are being
made).
While there is certainly benefit in highlighting the
On Thu, Mar 19, 2020 at 9:58 AM Wojtek Porczyk
wrote:
> On Thu, Mar 19, 2020 at 05:30:31AM -0500, Ryan Sleevi via
> dev-security-policy wrote:
> > [...] but given that some negligent and
> > irresponsible CAs kept agitating to reduce revocation requirements than
> > protect users, the ballot was
>
> - Microsec will check all the issued IVCP certificates looking for similar
> issues - deadline 2020-03-20
>
Microsec has finished the detailed investigation on the issued TLS IVCP
certificates looking for similar issues. The findings are the following:
Microsec issued altogether 9 test
On Thu, Mar 19, 2020 at 05:30:31AM -0500, Ryan Sleevi via dev-security-policy
wrote:
> [...] but given that some negligent and
> irresponsible CAs kept agitating to reduce revocation requirements than
> protect users, the ballot was kept simple.
> [...] I worry the same set of negligent and
Has anyone worked with a site/service like this that could help convey
compromised keys between CAs?
https://pwnedkeys.com/submit.html
-Original Message-
From: dev-security-policy On
Behalf Of Matt Palmer via dev-security-policy
Sent: Thursday, March 19, 2020 7:05 AM
To:
On Thu, Mar 19, 2020 at 11:10:05AM +, arnold.ess...@t-systems.com wrote:
> Thanks for pointing it out. We changed the links so that they now refer
> to the English version of the CP and CPS.
Thanks for the quick update. Do you have an ETA for the preliminary
incident report?
- Matt
Thanks for pointing it out. We changed the links so that they now refer to the
English version of the CP and CPS.
-Original Message-
From: dev-security-policy On
Behalf Of Matt Palmer via dev-security-policy
Sent: Thursday, March 19, 2020 10:56
To:
On Thu, Mar 19, 2020 at 05:30:31AM -0500, Ryan Sleevi wrote:
> On Thu, Mar 19, 2020 at 1:02 AM Matt Palmer via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> > 2. If there are not explicit prohibitions already in place, *should* there
> >be? If so, should it be a BR
On Thu, Mar 19, 2020 at 1:02 AM Matt Palmer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Since I started requesting revocation for certificates with
> known-compromised private keys, I've noticed a rather disturbing pattern
> emerging in a few cases:
>
> 1. I find a
As I understand the CCADB Policy (which is included by reference in the
Mozilla Root Store Policy), CAs are required to provide an English
translation of their CP/CPS documents, and link to them in the CCADB.
At the time of writing, the "AllCertificateRecordsReport" CSV shows the
link for the
On 2020-03-19 07:02, Matt Palmer wrote:
2. If there are not explicit prohibitions already in place, *should* there
be? If so, should it be a BR thing, or a Policy thing?
I think there should be. I expect them to publish a CRL that says the
reason for revocation is a key compromise. I
Since I started requesting revocation for certificates with
known-compromised private keys, I've noticed a rather disturbing pattern
emerging in a few cases:
1. I find a private key on the Internet.
2. I request revocation from the CA on the basis that the private key is
compromised, and
15 matches