Re: Arabtec Holding public key?

2019-04-10 Thread Santhan Raj via dev-security-policy
On Wednesday, April 10, 2019 at 5:53:45 PM UTC-7, Corey Bonnell wrote: > On Wednesday, April 10, 2019 at 7:41:33 PM UTC-4, Nick Lamb wrote: > > (Resending after I typo'd the ML address) > > > > At the risk of further embarrassing myself in the same week, while > > working further on mimicking

Re: GoDaddy Underscore Revocation Disclosure

2019-02-08 Thread Santhan Raj via dev-security-policy
On Friday, February 8, 2019 at 7:25:08 PM UTC-8, Jakob Bohm wrote: > On 09/02/2019 01:36, Santhan Raj wrote: > > On Friday, February 8, 2019 at 4:09:32 PM UTC-8, Joanna Fox wrote: > >> I agree on the surface this bug appears to be the same, but the root cause > >> is different. The issue for

Re: Regional BGP hijack of Amazon DNS infrastructure

2018-04-25 Thread Santhan Raj via dev-security-policy
On Wednesday, April 25, 2018 at 1:57:28 AM UTC-7, Ryan Hurst wrote: > On Tuesday, April 24, 2018 at 5:29:05 PM UTC+2, Matthew Hardeman wrote: > > This story is still breaking, but early indications are that: > > > > 1. An attacker at AS10297 (or a customer thereof) announced several more > >

Re: 2018.01.09 Issue with TLS-SNI-01 and Shared Hosting Infrastructure

2018-01-10 Thread Santhan Raj via dev-security-policy
On Wednesday, January 10, 2018 at 1:33:31 AM UTC-8, jo...@letsencrypt.org wrote: > At approximately 5 p.m. Pacific time on January 9, 2018, we received a report > from Frans Rosén of Detectify outlining a method of exploiting some shared > hosting infrastructures to obtain certificates for

Re: DigiCert-Symantec Announcement

2017-08-03 Thread Santhan Raj via dev-security-policy
On Wednesday, August 2, 2017 at 6:44:51 PM UTC-7, Peter Bowen wrote: > On Wed, Aug 2, 2017 at 2:12 PM, Jeremy Rowley via dev-security-policy > wrote: > > Today, DigiCert and Symantec announced that DigiCert is acquiring the > > Symantec CA assets, including

Re: When are public applications embedding certificates pointing to 127.0.0.1 OK?

2017-06-21 Thread Santhan Raj via dev-security-policy
On Wednesday, June 21, 2017 at 12:02:51 PM UTC-7, Jonathan Rudenberg wrote: > > On Jun 21, 2017, at 14:41, urijah--- via dev-security-policy > > wrote: > > > > Apparently, in at least one case, the certificate was issued directly(!) to > > localhost by

Re: Misissued/Suspicious Symantec Certificates

2017-02-28 Thread Santhan Raj via dev-security-policy
On Friday, February 24, 2017 at 5:12:43 PM UTC-8, Peter Bowen wrote: > "auditing standards that underlie the accepted audit schemes found in > Section 8.1" > > This is obviously an error in the BRs. That language is taken from > Section 8.1 and there is no list of schemes in 8.1. > > 8.4 does

Re: GoDaddy Misissuance Action Items

2017-02-13 Thread Santhan Raj via dev-security-policy
On Monday, February 13, 2017 at 3:14:06 PM UTC-8, Santhan Raj wrote: > On Monday, February 13, 2017 at 4:22:34 AM UTC-8, Gervase Markham wrote: > > > That is why, despite some IPR-related tangles, Mozilla will be requiring > > in its next CA Communication that all CAs move to using only those > >

Re: GoDaddy Misissuance Action Items

2017-02-13 Thread Santhan Raj via dev-security-policy
On Monday, February 13, 2017 at 4:22:34 AM UTC-8, Gervase Markham wrote: > That is why, despite some IPR-related tangles, Mozilla will be requiring > in its next CA Communication that all CAs move to using only those > documented methods in a fairly short timeframe, regardless of what the > BRs