Forwarded Message
Subject: Summary of May 2020 Audit Reminder Emails
Date: Tue, 19 May 2020 19:00:17 + (GMT)
Mozilla: Audit Reminder
CA Owner: Global Digital Cybersecurity Authority Co., Ltd. (Formerly
Guang Dong Certificate Authority (GDCA))
Root Certificates:
GDCA
On Mon, May 18, 2020 at 6:55 PM Kyle Hamilton wrote:
> So, I request and encourage that CABForum members consider populating
> clause 3.2.1 of the Basic Requirements, so that Proof-of-Possession be
> mandated.
>
I don't mean to beat a dead horse, and without addressing the merits of
trying to
On Tue, May 19, 2020 at 2:22 PM Matthias van de Meent
wrote:
> I agree that for any one bug, this metadata is not anything to make
> decisions over, but when looking over e.g. the last 3 years, you can
> start making more informed guesses on the metadata only. E.g. when you
> find that a CA has
On Tue, 19 May 2020 at 16:22, Ryan Sleevi wrote:
>
> On Tue, May 19, 2020 at 5:53 AM Matthias van de Meent
> wrote:
>>
>> One of the reasons I did this research was to check the track record
>> of CAs with regards to compliance and solving compliance issues. As
>> you might expect, this is
On Tue, May 19, 2020 at 12:38 PM sandybar497--- via
dev-security-policy wrote:
> I actually submitted this post 6 days ago and was only just approved today..
> is there a lack of resources approving blog posts? just don't see how it's
> helpful when posts show up so late.
It looks like you may
On Friday, May 15, 2020 at 7:30:45 AM UTC+10, Ryan Sleevi wrote:
> Do you have a copy of the OCSP response?
>
> With such issues, we may need signed artifacts to demonstrate
> non-compliance. For example, it shows as revoked via both OCSP and CRL
> for me.
>
> On Thu, May 14, 2020 at 4:32 PM
On Mon, May 18, 2020 at 6:55 PM Kyle Hamilton wrote:
> With proof of possession, these situations can be detected and raised as
> being not-just-theoretical, and the CAs (or whoever wants to search the CT
> logs) can notify the entities involved that they probably want to change
> their keys. In
On Mon, May 18, 2020 at 6:55 PM Kyle Hamilton wrote:
> A potential attack without Proof of Possession which PKIX glosses over
> could involve someone believing that a signature on a document combined
> with the non-possession-proved certificate constitutes proof of possession,
> and combined
On Tue, May 19, 2020 at 12:35 AM Kyle Hamilton wrote:
>
>
> On Mon, May 18, 2020, 19:46 Ryan Sleevi wrote:
>
>> On Mon, May 18, 2020 at 7:55 PM Kyle Hamilton via dev-security-policy
>> wrote:
>>
>> > Regardless of that potential con, though, there is one very important
>> thing
>> > which
On Tue, May 19, 2020 at 5:53 AM Matthias van de Meent <
matthias.vandeme...@cofano.nl> wrote:
> Hi Ryan,
>
> On Tue, 19 May 2020 at 00:47, Ryan Sleevi wrote:
> >
> > Hi Matthias,
> >
> > We're aware of this. Could you explain what issue or issues this
> > presents to you?
>
> One of the reasons
In other linter news...
It has become clear that the original certlint/cablint repository
(https://github.com/awslabs/certlint) is no longer being maintained. At
Sectigo we still use cablint as one of our preissuance linters, and
we've been running into more and more problems with cablint's
Hi Ryan,
On Tue, 19 May 2020 at 00:47, Ryan Sleevi wrote:
>
> Hi Matthias,
>
> We're aware of this. Could you explain what issue or issues this
> presents to you?
One of the reasons I did this research was to check the track record
of CAs with regards to compliance and solving compliance