Re: dNSName containing '/' / low serial number entropy

2017-08-08 Thread Arno Fiedler via dev-security-policy
Dear Mozilla Security Policy Community, Thanks for the advice about the short serial numbers and apologies for the delayed response. Since 2016, all D-TRUST TLS certificates based on electronic Certificate Requests have a certificate serial number which includes 64 bits of entropy. Between 2

Re: Certificate issued by D-TRUST SSL Class 3 CA 1 2009 with short SerialNumber

2017-08-10 Thread Arno Fiedler via dev-security-policy
Hello Jonathan, this certificate has 64 bits of entropy in the "DNqualifier" field instead of the serial number field. Since 2012 we used this way of adding random bits to certificates to mitigate preimage attacks. From a security perspective the amount of entropy in the certificate should b

Re: Certificate issued by D-TRUST SSL Class 3 CA 1 2009 with short SerialNumber

2017-08-10 Thread Arno Fiedler via dev-security-policy
We'll talk with the Management and the Certification Audit Body and will give feedback. Arno On 10.08.2017 at 15:57, Ryan Sleevi wrote: Under the Baseline Requirements, v1.4.8 (current version), 4.9.1.1, "The CA SHALL revoke a Certificate within 24 hours if one or more of the following occu

Re: Certificate issued by D-TRUST SSL Class 3 CA 1 2009 with short SerialNumber

2017-08-14 Thread Arno Fiedler via dev-security-policy
Dear Forum, since 07-07-2017, all newly issued D-TRUST TLS-Certificates have at least 64 bits of entropy in the serial number. Since 01-12-2016 D-TRUST TLS certificates requested via our enterprise platform have a serial number which includes at least 64 bits of entropy. We informed the CA-

Re: Certificate issued by D-TRUST SSL Class 3 CA 1 2009 with short SerialNumber

2017-08-16 Thread Arno Fiedler via dev-security-policy
On Tuesday, 15 August 2017 16:21:03 UTC+2, Gervase Markham wrote: > On 14/08/17 16:44, Arno Fiedler wrote: > > fulfilled. On 20-07-17 Mozilla asked D-TRUST for clarification, due > > to the holiday period this message reached us on 07-08-17, AF > > answered on 08-08-17 > > I was going to compla

Re: Certificate issued by D-TRUST SSL Class 3 CA 1 2009 with short SerialNumber

2017-08-17 Thread Arno Fiedler via dev-security-policy
On Monday, 14 August 2017 18:44:59 UTC+2, Jonathan Rudenberg wrote: > Hi Arno and Martin, > > > On Aug 14, 2017, at 11:44, Arno Fiedler wrote: > > > > Dear Forum, > > > > since 07-07-2017, all newly issued D-TRUST TLS-Certificates have at least > > 64 bits of entropy in the serial number

Re: ETSI audits not listing audit periods

2017-10-31 Thread Arno Fiedler via dev-security-policy
Hello Kathleen, there is a problem with the auditor qualification and the national accreditation of some auditing bodies. We'll ask ACABc to suggest a solution to take care of proper education of "qualified" auditors and "good practice" audit statements as suggested by Mozilla, maybe we need

Re: ETSI audits not listing audit periods

2017-10-31 Thread Arno Fiedler via dev-security-policy
On Monday, 30 October 2017 22:19:31 UTC+1, Ryan Sleevi wrote: > On Mon, Oct 30, 2017 at 3:50 PM, Kathleen Wilson via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > > How do we get all auditors to start meeting our audit statement > > requirements? > > > > Why haven't

Re: ETSI audits not listing audit periods

2017-11-01 Thread Arno Fiedler via dev-security-policy
On Monday, 30 October 2017 22:19:31 UTC+1, Ryan Sleevi wrote: > On Mon, Oct 30, 2017 at 3:50 PM, Kathleen Wilson via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > > How do we get all auditors to start meeting our audit statement > > requirements? > > > > Why haven't

Re: ETSI Audits Almost Always FAIL to list audit period

2017-11-07 Thread Arno Fiedler via dev-security-policy
On Tuesday, 31 October 2017 10:21:47 UTC+1, Dimitris Zacharopoulos wrote: > It is not the first time this issue is brought up. While I have a very > firm opinion that ETSI auditors under the ISO 17065 (focused on the > quality of products/services) and ETSI EN 319 403 definitely check > histo