Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-05 Thread Dimitris Zacharopoulos via dev-security-policy
I'd like to chime in on this particular topic because I had similar thoughts with Pedro and Peter. I would like to echo Pedro's, Peter's and others' argument that it is unreasonable for Relying Parties and Browsers to say "I trust the CA (the Root Operator) to do the right thing and manage

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-05 Thread Matt Palmer via dev-security-policy
On Mon, Jul 06, 2020 at 03:48:06AM +, Peter Gutmann wrote: > Matt Palmer via dev-security-policy > writes: > >If you're unhappy with the way which your interests are being represented by > >your CA, I would encourage you to speak with them. > > It's not the CAs, it's the browsers, and many

SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-05 Thread Peter Gutmann via dev-security-policy
Several people write: >Go to another CA. >Talk to your CA. >Have a frank discussion with your CA. This phrase seems to be the PKI equivalent of "come back with some code", which is in turn the OSS equivalent of the more widely-recognised "FOAD". Peter.

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-05 Thread Peter Gutmann via dev-security-policy
Matt Palmer via dev-security-policy writes: >If you're unhappy with the way which your interests are being represented by >your CA, I would encourage you to speak with them. It's not the CAs, it's the browsers, and many other types of clients. Every Internet-enabled (meaning web-enabled)

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-05 Thread Ryan Hurst via dev-security-policy
On Saturday, July 4, 2020 at 3:43:22 PM UTC-7, Ryan Sleevi wrote: > > Thank you for explaining that. We need to hear the official position from > > Google. Ryan Hurst are you out there? Although Ryan Sleevi has already pointed this out, since I was named explicitly, I wanted to respond and

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-05 Thread Ryan Sleevi via dev-security-policy
On Sun, Jul 5, 2020 at 5:30 PM Buschart, Rufus via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > From: dev-security-policy > On Behalf Of Matt Palmer via dev-security-policy > > At the limits, I agree with you. However, to whatever degree that there > is complaining to

RE: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-05 Thread Buschart, Rufus via dev-security-policy
> From: dev-security-policy On > Behalf Of Ryan Sleevi via dev-security-policy > On Sat, Jul 4, 2020 at 10:42 PM Peter Bowen via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > As several others have indicated, WebPKI today is effectively a subset > > of the more

RE: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-05 Thread Buschart, Rufus via dev-security-policy
> From: dev-security-policy On > Behalf Of Matt Palmer via dev-security-policy > Sent: Sonntag, 5. Juli 2020 06:36 > > On Sat, Jul 04, 2020 at 07:42:12PM -0700, Peter Bowen wrote: > > On Sat, Jul 4, 2020 at 7:12 PM Matt Palmer via dev-security-policy > > wrote: > > > > > > > On Sat, Jul 04,