Re: Expired Root CA in certdata.txt

2019-07-14 Thread Samuel Pinder via dev-security-policy
ficates. Timestamped codesigned objects can continue to work after their certificate has expired as the "timestamp" shows that a certificate was valid *at the time it performed the signature*. Have a look here: https://serverfault.com/questions/878919/what-happens-to-code-sign-certificates-when-

Re: Request to Include emSign Root CA - G1, emSign Root CA - G3, emSign Root CA - C1, and emSign Root CA - C3

2018-10-11 Thread Samuel Pinder via dev-security-policy
Visiting the www.emsign.com homepage brings up a list of proposed products. Currently, in the "Types of Certificate" table halfway down the page is the following: Wildcard SSL - OV, Wildcard SSL - EV, UCC Wildcard SSL - DV, UCC Wildcard SSL - OV, UCC Wildcard SSL - EV. That's not a good sign at al

CAs not compliant with CAA CP/CPS requirement

2017-09-08 Thread Samuel Pinder via dev-security-policy
Is there a typo here? Digicert.net.jp and Cybertrust.net.jp do not resolve; Japan tends to use the .NE.jp suffix, not .net.jp. Therefore shouldn't these be Digicert.ne.jp and Cybertrust.ne.jp? These two do indeed resolve. On this subject, I am curious as to why it appears a lot of CAs do not ten

Re: Private key corresponding to public key in trusted Cisco certificate embedded in executable

2017-06-19 Thread Samuel Pinder via dev-security-policy
There's more than just a clue in the name drmlocal.cisco.com: if one looks up this address in the DNS it returns the loopback IP 127.0.0.1. http://dnstools.ws/tools/lookup.php?host=drmlocal.cisco.com&type=A This can only mean that this address is fully intended to be referred to only by one's own

Re: CloudFlare Issuing SHA-1 SSL Certificates

2017-04-15 Thread Samuel Pinder via dev-security-policy
ainst the BRs, there is nothing to stop people running older software, the only sanction possible is removing the root from current software, which is already done. Samuel Pinder On Sat, Apr 15, 2017 at 12:10 PM, James Burton via dev-security-policy wrote: > CloudFlare has been is

RE: wosign and letsencrypt.cn / letsencrypt.com.cn

2016-12-19 Thread Samuel Pinder
As far as I know, transferring by entering the name and address of the person to transfer to would work via your registrar. But then CNNIC will want to see a photo of a passport showing the name of the person in full within a certain deadline, otherwise the domain would be suspended. A registrar ga

Re: Remediation Plan for WoSign and StartCom

2016-10-23 Thread Samuel Pinder
g effectively a new CA certificate that is cross-signed, only to be using the existing infrastructure that is currently meant to be undergoing remediation. That'd probably be put under the same restrictions too if that's the case. Samuel Pinder On Mon, Oct 24, 2016 at 6:43 AM, Richard Wan

Re: Remediation Plan for WoSign and StartCom

2016-10-21 Thread Samuel Pinder
issue free certificates anyway. I hope this helps in some way! Samuel Pinder

Re: Remediation Plan for WoSign and StartCom

2016-10-21 Thread Samuel Pinder
once the management of Startcom has changed hands away from WoSign (their very well hidden incident report link suggests this will happen around December), one can expect much more expeditious and honest communication. Samuel Pinder On Fri, Oct 21, 2016 at 7:29 PM, wrote: > Isn't that