On 10/14/2016 01:00 PM, Gervase Markham wrote:
K) StartCom impersonating mozilla.com.
https://bugzilla.mozilla.org/show_bug.cgi?id=471702 StartCom's
(former) CEO Eddy Nigg obtained a key and certificate for
www.mozilla.com and placed it on an Internet-facing server.
I do consider
You make this appear as if StartCom used its capacity as a certificate
authority to somehow abuse somebody or something, but for the wider
audience
rds
Signer: Eddy Nigg, Founder
StartCom Ltd. <http://www.startcom.org>
XMPP: start...@startcom.org <xmpp:start...@startcom.org>
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
alternative to current mix of the established
certificate authorities - except if somebody is looking for revenge or
other personal matters
nd/or easy to be
confirmed.
I assume that Inigo will report to the mailing list sometimes directly
too in order to update on the progress.
that
all is included, covered and implied, but should a mistake have happened
in the statements made by the auditors I'm sure we can get a corrected
statement or explanation.
On 09/05/2016 10:54 AM, Gervase Markham wrote:
Hi Eddy,
On 04/09/16 09:51, Eddy Nigg wrote:
I don't want to extend this discussion unnecessarily, but as a side note
you don't know which agreements this employee has signed with StartCom
and/or WoSign and hence you can't make a judgement
re you talking about?? Even though some nasty and
undesired errors happened here, it's in no comparison to what happened at
Diginotar which basically lost control over the CA.
On 09/02/2016 07:02 PM, Nick Lamb wrote:
On Friday, 2 September 2016 08:50:02 UTC+1, Eddy Nigg wrote:
Let's speak about relying parties - how does this bug affect you?
As a relying party I am entitled to assume that there is no more than one
certificate signed by a particular issuer
in any case.
number assignment bug.
The way Eddy Nigg describes the issue, it appears there is some kind of
low level race condition in the code or hardware that increments and
uses the serial number counter deep inside the CA, perhaps in a heavily
locked down HSM that prevents fixing the issue without
On 09/01/2016 11:52 AM, Nick Lamb wrote:
On Thursday, 1 September 2016 08:54:16 UTC+1, Eddy Nigg wrote:
Not so, rather according to my assessment, the cost and everything it
entailed (including other risks) to fix that particular issue outweighed
the benefits for having it fixed within a time
between the subject entities.
There were a couple of certificates which resulted in duplicate serials
- this could happen under certain circumstances, a bug that has been
fixed by now. We'll look into revoking and reissuing them.
would also be curious about why the certificate has not been logged to
CT, given StartCom's prior statements with regards to CT adoption.
We are checking it, it might have been logged at the wrong place. I'll
try to provide an answer on this too when possible.
that a public incident report is
necessary, but should anything change in our current assessment we will
obviously act accordingly. I instructed additional verifications and
confirmations to assert that assessment.
--
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <h
with smaller keys to be detected quickly and there
will be no incentive to use such keys for web sites (there are other
use-cases for non-browsers and those should be still permitted I guess).
interesting
facts:
http://news.netcraft.com/archives/2014/04/25/heartbleed-why-arent-certificates-being-revoked.html
On 04/10/2014 07:05 PM, Eddy Nigg wrote:
I agree - I've seen the tweets, bug reports and this posting. I'll be glad
to join the discussion and we intend to take a public stance as soon as
things calm down a bit.
Currently all hell is loose, but I promise to get back to you all in due
time
which isn't even under our control are
revocations. And if it wouldn't be necessary to raise a fee for that we
wouldn't either.
exists between the two
parties and a CA can't audit another CA. For this the BR sets forth a
requirement for an independent audit by a (different) auditing firm than
the CA signer/issuer, in order to avoid any conflict of interests.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start
excludes the CA performing a (self) audit for the subordinate CAs for example.
In respect to limiting issuance to a TLD, Mozilla might have to set a
criterion for it first. Being a national (local) CA could be such a criterion.
purposes you
outlined in your mail.
...if experience shows that it doesn't pay off to comply with
requirements, then why care next time?
still open meaning if no stapled OCSP response, use the normal
pointers and if that fails use CRL. Remove EV (and the secure UI
indicators if you want from any other certificate) when certificate
status can't be verified.