This blog post is very vague, one can understood from it that Microsoft will
not trust any new certificates from these two CAs:
"Microsoft will begin the natural deprecation of WoSign and StartCom
certificates by setting a “NotBefore” date ... Windows 10 will not trust any
new certificates
On Monday, August 7, 2017 at 11:03:27 PM UTC+3, Jakob Bohm wrote:
> 7. At Quihoo: Actually get rid of Richard Wang, not just change his
>title from CEO to COO.
I didn't map the new hierarchy of the "Spanish" StartCom CA ("StartCom CA Spain
Sociedad Limitada"), having trouble registering to
Trust is something you *gain*.
I want to believe the internet has come a long way from PGP signing parties.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
On Monday, July 10, 2017 at 9:00:04 AM UTC+3, Richard Wang wrote:
> " 5. Provide auditor[3] attestation that a full security audit of the CA’s
> issuing infrastructure has been successfully completed. "
> " [3] The auditor must be an external company, and approved by Mozilla. "
What is the
Mr. Wang is mentioned on the end of the document, what is Richard Wang current
official responsibility of Mr. Wang at WoSign?
According to the incident report, release on October 2016 [1], Mr. Wang was
suppose to be relieved of his duties as CEO, this is mentioned in 3 separate
paragraphs
On Thursday, April 20, 2017 at 4:03:36 PM UTC+3, Gervase Markham wrote:
> Mozilla also doesn't believe that it's the job of CAs to police phishing
CAs should police as long as the browser gives positive reinforcement to the
end-users when they access a [phishing] site.
There were suggestions in
On Tuesday, February 28, 2017 at 6:00:47 PM UTC+2, Nick Lamb wrote:
> This is useful independent evidence that (at least some of) the names did
> exist at one time.
The problem is that they're "re-keying" certificates for domains that are no
longer in control of their subscribers (as Andrew
On Tuesday, February 28, 2017 at 1:38:25 PM UTC+2, Gervase Markham wrote:
> I think that without more evidence we must assume that GlobalSign
> validated this domain correctly at a time when it existed.
There are many more test*.* domains, non of those (about 10) I checked exist. I
will compose
I talked with Ofer from Incapsula, he said the domain exist at some point;
Someone have access to domain tools or other tool to verify this matter? Based
on domaintools I can say the domain did exist but I can't tell when it cease to
exist.
This practice seem to go back to Apr 2014.
Link: https://crt.sh/?dNSName=testslsslfeb20.me
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
10 matches
Mail list logo