On Fri, Feb 26, 2021 at 5:18 PM Ryan Sleevi wrote:
> I do believe it's problematic for the OCSP and CRL versions of the
> repository to be out of sync, but also agree this is an area that is useful
> to clarify. To that end, I filed
> https://github.com/cabforum/servercert/issues/252 to make
On Fri, Feb 26, 2021 at 6:01 PM Aaron Gable wrote:
> On Fri, Feb 26, 2021 at 12:05 PM Ryan Sleevi wrote:
>
>> You can still do parallel signing. I was trying to account for that
>> explicitly with the notion of the “pre-reserved” set of URLs. However, that
>> also makes an assumption I should
On Fri, Feb 26, 2021 at 12:05 PM Ryan Sleevi wrote:
> You can still do parallel signing. I was trying to account for that
> explicitly with the notion of the “pre-reserved” set of URLs. However, that
> also makes an assumption I should have been more explicit about: whether
> the expectation is
On Fri, Feb 26, 2021 at 1:46 PM Aaron Gable wrote:
> If we leave out the "new url for each re-issuance of a given CRL" portion
> of the design (or offer both url-per-thisUpdate and
> static-url-always-pointing-at-the-latest), then we could in fact include
> CRLDP urls in the certificates using
Thanks for the reminder that CCADB automatically dereferences URLs for
archival purposes, and for the info about existing automation! I don't
personally have CCADB credentials, so all of my knowledge of it is based on
what I've learned from others at LE and from this list.
If we leave out the
On Thu, Feb 25, 2021 at 7:55 PM Clint Wilson via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I think it makes sense to separate out the date for domain validation
> expiration from the issuance of server certificates with previously
> validated domain names, but agree
On Fri, Feb 26, 2021 at 5:49 AM Rob Stradling wrote:
> > We already have automation for CCADB. CAs can and do use it for
> disclosure of intermediates.
>
> Any CA representatives that are surprised by this statement might want to
> go and read the "CCADB Release Notes" (click the hyperlink when
> We already have automation for CCADB. CAs can and do use it for disclosure of
> intermediates.
Any CA representatives that are surprised by this statement might want to go
and read the "CCADB Release Notes" (click the hyperlink when you login to the
CCADB). That's the only place I've seen
8 matches
Mail list logo