Hi Nick
We attached an updated version of the affected certificate overview to the
bug on February 10, which does contain the date of order and date of
issuance.
Thanks
Arvid
> -Original Message-
> From: dev-security-policy
On
> Behalf Of Nick Lamb via dev-security-policy
> Sent:
During gap analysis and impact assessment of the changes to the BR in the
context of SC31 - Browser Alignment, we noted that our legacy platform,
using EJBCA as issuance backend, did not fully support the changes related
to not including the "Unspecified" reason code in OCSP responses for the
ACAB'c is a group of a few eIDAS CABs working together for reasons, they do not
represent all eIDAS CABs neither do they have any recognized or official
function within the eIDAS ecosystem.
Can the ACAB'c member list be relied upon as being accurate and providing
correct and latest
GlobalSign recognizes the reported security issue and associated risk, and
is working on a plan to remediate the impacted CA hierarchies with first
priority on terminating those branches that include issuing CA with private
keys outside of GlobalSign's realm. We will soon share an initial plan on
Hi Kathleen
Related to the below it would be helpful if the WebTrust organization would
disclose additional details on the licensed WebTrust practitioners: right now
there is no data publicly available on historical WebTrust auditor licensing.
We don't know as of when an auditor has been
An incident report was created for this yesterday:
https://bugzilla.mozilla.org/show_bug.cgi?id=1620922
> -Original Message-
> From: dev-security-policy
On
> Behalf Of Matt Palmer via dev-security-policy
> Sent: dinsdag 10 maart 2020 1:41
> To: dev-security-policy@lists.mozilla.org
>
When I initially raised the topic I had two things in mind:
-What if a facility can’t be audited?
-If main key management facilities are down can WebPKI CA meet SSLBR
4.9.1.2?
As for the inability to audit, a few things come to mind based on the previous
shared thoughts:
-
COVID-19 is going on and there currently is a quarantine of certain areas in
China and also alert levels are further raising in other (mainly East-Asian)
countries.
How will the root programs approach CA facilities with key material that are
in a lockdown or in a territory that is not
GlobalSign has revoked the respective certificates and is investigating root
cause. Thanks.
> -Original Message-
> From: dev-security-policy
On
> Behalf Of Ryan Sleevi via dev-security-policy
> Sent: dinsdag 21 mei 2019 6:06
> To: Brian Smith
> Cc: Ryan Sleevi ;
Based on the information reported in this thread GlobalSign has started the
necessary activities to investigate this potential misuse.
Arvid
On Tuesday, December 11, 2018 at 8:24:43 AM UTC+1, Mark Steward wrote:
> This time it's just hanging around in memory, no need to do anything
> about the
10 matches
Mail list logo