Matt,
Voluntarily providing CSR is not an ideal way to prove key compromise, because
you could've simply found this CSR somewhere (I know, I know, super unlikely
with your Subject... but still could happen.)
And while "compromised" is way too short (one can sign up to 32 bytes using it
as a
There's a specific provision in the CAA checking algorithm that allows CAs to
not even bother checking CAA records if CA operates the nameservers for the
domain.
On Monday, 14 October 2019 04:28:19 UTC+2, Clint Wilson wrote:
> On Thu, Oct 10, 2019 at 11:32 PM Ryan Sleevi via
On Saturday, March 9, 2019 at 3:44:12 AM UTC+1, Matthew Hardeman wrote:
> I know this isn't the place to bring a BR ballot, but I'm not presently a
> participant there.
>
> I present alternative language along with notes and rationale which, I put
> forth, would have resulted in a far better
Ballot 164 statement of intent is pretty clear: (arbitrary) 64 bit of
randomness was needed to defeat collisions in broken MD5.
With SHA2, the missing 1 bit does not seem to have any impact on the possible
collisions.
But BRs are not to be interpreted, just to be applied to the letter, whether
On Friday, February 1, 2019 at 11:38:40 PM UTC+1, Kurt Roeckx wrote:
> On Fri, Feb 01, 2019 at 03:02:17PM -0700, Wayne Thayer wrote:
> > It was pointed out to me that the OCSP status of the misissued certificate
> > that is valid for over 5 years is still "unknown" despite having been
> > revoked
5 matches
Mail list logo
