Re: Transforming a trade name into ASCII in the O field of an OV cert

On Tue, Apr 24, 2018 at 11:03 PM, cbonnell--- via dev-security-policy wrote: > On Tuesday, April 24, 2018 at 4:33:24 PM UTC-4, Henri Sivonen wrote: >> On Tue, Apr 24, 2018 at 10:18 PM, Jeremy Rowley via >> dev-security-policy wrote: >> > That is correct. We use transliteration of non-latin names

Re: Transforming a trade name into ASCII in the O field of an OV cert

On Tue, Apr 24, 2018 at 10:32 PM, Henri Sivonen wrote: > On Tue, Apr 24, 2018 at 10:18 PM, Jeremy Rowley via > dev-security-policy wrote: >> That is correct. We use transliteration of non-latin names through a system >> recognized by ISO per Appendix D(1)(3) > > But "Säästöpankkiliitto osk" is no

Re: Transforming a trade name into ASCII in the O field of an OV cert

On Tue, Apr 24, 2018 at 10:18 PM, Jeremy Rowley via dev-security-policy wrote: > That is correct. We use transliteration of non-latin names through a system > recognized by ISO per Appendix D(1)(3) But "Säästöpankkiliitto osk" is not a non-Latin name! (It is a non-ASCII name.) Also, no such trans

Re: Transforming a trade name into ASCII in the O field of an OV cert

On Sun, Apr 15, 2018 at 6:47 PM, Ryan Sleevi wrote: > > On Sun, Apr 15, 2018 at 9:13 AM Henri Sivonen via dev-security-policy > wrote: >> >> (Mozilla hat off.) >> >> After reading about the California versus Delaware thing when it comes >> to the certific

Transforming a trade name into ASCII in the O field of an OV cert

(Mozilla hat off.) After reading about the California versus Delaware thing when it comes to the certificate for stripe.com, out of curiosity, I took a fresh look at the ISO 3166-1 code in the EV certificates of some of the banks that operate in Finland. (Result: https://www.nordea.fi/ is SE, http

Estonia e-residency instructing users not to update Firefox (on Mac)

(Not sure if this is the right mailing list, but while I'm not sure how exactly the PKI operations of the government of Estonia are structured organizationally, on surface it looks like this is related to client cert activities of a CA that is Mozilla-trusted for server certs.) A Medium post claim

Re: StartCom continues to sell untrusted certificates

On Mon, May 1, 2017 at 11:31 AM, Gervase Markham via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 01/05/17 07:52, Percy wrote: >> It seems that StartCom continues to sell untrusted certs. Neither their home page https://www.startcomca.com/ nor their announcement page htt

Re: Removing "Wildcard DV Certs" from Potentially Problematic Practices list

On Thu, Apr 20, 2017 at 4:02 PM, Gervase Markham via dev-security-policy wrote: > I don't believe the issuance of wildcard DV certs is problematic in > practice. Mozilla is of the view that ubiquitous SSL is the highest > priority for the Web PKI, and wildcard certs are a part of that. Mozilla > a