On Sun, May 15, 2016 at 05:43:39PM -0700, Peter Bowen wrote:
> Some CAs may choose to not issue to sites known to inject malware, but
> this outside the scope of the SSL requirements. The EV Guidelines it
> very clear that the reputation and actions of the Subject are not in
> scope:
knowingly i
On Tue, May 17, 2016 at 01:04:28AM +, Charles Reiss wrote:
> On 05/16/16 12:22, Richard Z wrote:
> >On Sun, May 15, 2016 at 05:43:39PM -0700, Peter Bowen wrote:
> >
> >>Some CAs may choose to not issue to sites known to inject malware, but
> >>this outside
On Thu, May 19, 2016 at 05:20:07PM +1000, Matt Palmer wrote:
> On Tue, May 17, 2016 at 11:14:21PM +0200, Richard Z wrote:
> > There are crime friendly providers already and having crime friendly CAs is
> > something that users would definitely notice.
>
> Why? Do users
On Wed, May 25, 2016 at 01:09:53AM -0700, Ryan Sleevi wrote:
> On Tue, May 24, 2016 at 10:25 AM, wrote:
> > Here's my question -- what do Google and Microsoft do with such reports?
> > Do they investigate and then put a site on the "bad" list, eg, for
> > injecting malware? If not, then no on
On Wed, May 25, 2016 at 11:54:50AM -0400, Eric Mill wrote:
> On Wed, May 25, 2016 at 9:50 AM, wrote:
>
> >
> > Why should CAs delegate to or rely on browsers for this type of user
> > protection? Isn't it better for CAs to remain involved by revoking certs /
> > refusing to issue certs to known
On Mon, May 30, 2016 at 12:44:05PM -0700, John Nagle wrote:
> We need general, automatic MITM detection in HTTP.
>
> It's quite possible. An MITM attack has a basic quality that makes it
> detectable - each end is seeing different crypto bits for the same
> plaintext. All they have to do is comp
On Mon, May 30, 2016 at 09:42:00AM +0100, Gervase Markham wrote:
> On 29/05/16 11:48, Peter Gutmann wrote:
> > Are you really trying to claim that the sad farce that is current browser
> > PKI
> > is absolutely the very best that browser vendors can do in terms of
> > protecting
> > users online?
7 matches
Mail list logo