Re: Mozilla's Expectations for OCSP Incident Reporting

2020-05-15 Thread Lee via dev-security-policy
On 5/15/20, Peter Gutmann via dev-security-policy wrote: > Hanno Böck writes: > >>The impact it had was a monitoring system that checked whether the >>certificate of a host was okay, using gnutls-cli with ocsp enabled (which >>also uncovered a somewhat unexpected inconsistency in how the gnutls c

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-29 Thread Lee via dev-security-policy
On 8/29/19, Nick Lamb wrote: > On Thu, 29 Aug 2019 13:33:26 -0400 > Lee via dev-security-policy > wrote: > >> That it isn't my financial institution. Hopefully I'd have the >> presence of mind to save the fraud site cert, but I'd either find the >>

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-29 Thread Lee via dev-security-policy
On 8/29/19, Nick Lamb via dev-security-policy wrote: > On Wed, 28 Aug 2019 11:51:37 -0700 (PDT) > Josef Schneider via dev-security-policy > wrote: > >> Not legally probably and this also depends on the jurisdiction. Since >> an EV cert shows the jurisdiction, a user can draw conclusions from >> t

Re: When should honest subscribers expect sudden (24 hours / 120 hours) revocations?

2018-12-29 Thread Lee via dev-security-policy
On 12/29/18, Ryan Sleevi wrote: > On Sat, Dec 29, 2018 at 10:24 AM Lee wrote: > >> > It does not seem like a productive discussion will emerge if the >> > ontology >> > is going to be honest/dishonest participants. >> >> I think it's an excellent distinction. An honest subscriber won't >> delibe

Re: When should honest subscribers expect sudden (24 hours / 120 hours) revocations?

2018-12-29 Thread Lee via dev-security-policy
On 12/29/18, Ryan Sleevi via dev-security-policy wrote: > On Fri, Dec 28, 2018 at 11:21 PM Jakob Bohm via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> > My guess is all CAs have something like >> >https://www.digicert.com/certificate-terms/ >> > 15. Certificate Re

Re: When should honest subscribers expect sudden (24 hours / 120 hours) revocations?

2018-12-29 Thread Lee via dev-security-policy
On 12/28/18, Jakob Bohm via dev-security-policy wrote: > On 28/12/2018 19:44, Lee wrote: >> On 12/27/18, Jakob Bohm via dev-security-policy >> wrote: >>> Looking at the BRs, specifically BR 4.9.1, the reasons that can lead >>> to fast revocation fall into a few categories / groups: >> <.. sn

Re: When should honest subscribers expect sudden (24 hours / 120 hours) revocations?

2018-12-28 Thread Lee via dev-security-policy
On 12/27/18, Jakob Bohm via dev-security-policy wrote: > Looking at the BRs, specifically BR 4.9.1, the reasons that can lead > to fast revocation fall into a few categories / groups: <.. snip ..> > So absent a bad CA, I wonder where there is a rule that subscribers > should be ready to quickl

Re: Disallowed company name

2018-06-03 Thread Lee via dev-security-policy
On 6/1/18, Ryan Sleevi wrote: > On Fri, Jun 1, 2018 at 9:14 AM, Peter Kurrasch wrote: > >> Security can be viewed as a series of AND's that must be satisfied in >> order to conclude "you are probably secure". For example, when you browse >> to an important website, make sure that "https" is used AN

Re: Misissued certificates

2017-08-09 Thread Lee via dev-security-policy
What's it going to take for Mozilla to set up near real-time monitoring/auditing of certs showing up in CT logs? Lee On 8/9/17, Alex Gaynor via dev-security-policy wrote: > (Whoops, accidentally originally CC'd to m.d.s originally! Original mail > was to IdenTrust) > > Hi, > > The following cert

Re: Certificates issued with HTTPS OCSP responder URL (IdenTrust)

2017-08-09 Thread Lee via dev-security-policy
On 8/9/17, Eric Mill wrote: > On Wed, Aug 9, 2017 at 4:28 PM, Lee wrote: > >> On 8/9/17, Eric Mill via dev-security-policy >> wrote: >> > On Tue, Aug 8, 2017 at 5:53 PM, identrust--- via dev-security-policy < >> > dev-security-policy@lists.mozilla.org> wrote: >> > >> >> On Tuesday, August 8, 201

Re: Certificates issued with HTTPS OCSP responder URL (IdenTrust)

2017-08-09 Thread Lee via dev-security-policy
On 8/9/17, Eric Mill via dev-security-policy wrote: > On Tue, Aug 8, 2017 at 5:53 PM, identrust--- via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> On Tuesday, August 8, 2017 at 12:06:47 PM UTC-4, Jonathan Rudenberg wrote: >> > > On Aug 8, 2017, at 10:29, identrust---

Re: Private key corresponding to public key in trusted Cisco certificate embedded in executable

2017-06-20 Thread Lee via dev-security-policy
On 6/20/17, mfisch--- via dev-security-policy wrote: > On Monday, June 19, 2017 at 7:37:23 PM UTC-4, Matt Palmer wrote: >> On Sun, Jun 18, 2017 at 08:17:07AM -0700, troy.fridley--- via >> dev-security-policy wrote: >> > If you should find such an issue again in a Cisco owned domain, please >> > re

Re: Policy 2.5 Proposal: Indicate direction of travel with respect to permitted domain validation methods

2017-05-01 Thread Lee via dev-security-policy
On 5/1/17, Ryan Sleevi wrote: > On Mon, May 1, 2017 at 1:53 PM, Lee via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> On 5/1/17, Gervase Markham via dev-security-policy >> wrote: >> > The last CA Communication laid down our p

Re: Policy 2.5 Proposal: Indicate direction of travel with respect to permitted domain validation methods

2017-05-01 Thread Lee via dev-security-policy
On 5/1/17, Gervase Markham via dev-security-policy wrote: > The last CA Communication laid down our policy of only permitting the 10 > Blessed Methods of domain validation. A CA Communication is an official > vehicle for Mozilla Policy so this is now policy, but it's not reflected > in the main po

Re: Symantec Conclusions and Next Steps

2017-04-29 Thread Lee via dev-security-policy
On 4/28/17, Eric Mill via dev-security-policy wrote: > On Fri, Apr 28, 2017 at 4:16 AM, Richard Wang via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> This Google decision’s problem is some big websites used a domain that not >> listed in Alexa 1M suffered disruption,