Re: Maximal validity of the test TLS certificate issued by a private PKI system

2018-12-12 Thread Dean Coclin via dev-security-policy
My opinion: The CA/B Forum Baseline Requirements only apply to certificates which chain to publicly trusted roots. This is made clear in the preamble of the document: This document describes an integrated set of technologies, protocols, identity-proofing, lifecycle management, and auditing

Re: SHA-1 exception First Data

2016-10-05 Thread Dean Coclin
Nick, First Data's customers don't use browsers so Firefox can disable SHA-1 tomorrow and not affect them. Remember, many of these "customers" are small businesses or non-profits. I think about places like a private school or church that whip out the terminal when it's time for the festival or

Re: Re: WoSign and StartCom

2016-09-28 Thread Dean Coclin
FYI - Tyro is not the company referenced on the CA/B Forum agenda. Dean Coclin, CA/B Forum Chair. On 09/28/16, Nick Lamb wrote: On Wednesday, 28 September 2016 18:33:07 UTC+1, Percy wrote: > I'm assuming WoSign/StartCom pressured Tyro to remove the blog post. WoSign/StartCom has

Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-26 Thread Dean Coclin
You beat me to it: These certificates have been logged to our CT log server at ct.ws.symantec.com, with these index numbers: 236731 236746 236748 236751 236759 236763 236767 Dean Coclin. On 02/26/16, Andrew Ayer <a...@andrewayer.name> wrote: On Wed, 24 Feb 2016 16:11:38 -0800 (PST) rbar...@mozilla.com

Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-25 Thread Dean Coclin
works. Your observations are likely due to ongoing testing. Dean. On 02/25/16, Rob Stradling <rob.stradl...@comodo.com> wrote: On 24/02/16 22:53, Dean Coclin wrote: > Peter, > The same one they've been using and know works: VeriSign Class 3 > International Server CA - G3. Dean, are you sure

Re: Re: Proposed limited exception to SHA-1 issuance

2016-02-24 Thread Dean Coclin
This is Dean from Symantec (same Dean as the CA/B Forum Chair but I'm leaving that hat off right now). I'd like to answer some questions about this situation on which I agree is less than ideal. First off, as Gerv mentioned, many device manufacturers erroneously embedded public roots in their

Re: Comments and discussion on code signing certs

2015-02-26 Thread Dean Coclin
FYI - The Forum never received these comments. Did you send them to the questi...@cabforum.org list? However, we will add them to our comments log for tracking. Thank you for the comments. Dean Coclin, CA/B Forum Chair. On 02/26/15, Peter Kurrasch <fhw...@gmail.com> wrote: As suggested by others, I

Re: Re: Organization info in certs not being properly recognized by Firefox

2014-10-30 Thread Dean Coclin
I'd like to focus on this statement: "Users are, quite reasonably, focused on the viewport. After all, that's where the content is and where the task is. Many people simply never see the Location Bar or its security indicators." But many people do in fact look at the security indicators. If that