Re: Pre-Incident Report - GoDaddy Serial Number Entropy

On Wednesday, March 13, 2019 at 9:09:35 PM UTC-4, Peter Gutmann wrote: > Richard Moore via dev-security-policy > writes: > > >If any other CA wants to check theirs before someone else does, then now is > >surely the time to speak up. > > I'd already asked previously whether any CA wanted to

Re: Discrepancy on Address

On Friday, February 8, 2019 at 4:20:14 AM UTC-5, Kurt Roeckx wrote: > On 2019-02-08 1:04, identr...@gmail.com wrote: > > On Thursday, February 7, 2019 at 6:47:03 PM UTC-5, iden...@gmail.com wrote: > >> On 04/04/2018 we found a discrepancy in the address values for some SSL > >> certificates. A

Re: Discrepancy on Address

On Thursday, February 7, 2019 at 6:47:03 PM UTC-5, iden...@gmail.com wrote: > On 04/04/2018 we found a discrepancy in the address values for some SSL > certificates. A formal incident Report was just posted: > https://bugzilla.mozilla.org/show_bug.cgi?id=1526099 CORRECTION: This issue was found

Discrepancy on Address

On 04/04/2018 we found a discrepancy in the address values for some SSL certificates. A formal incident Report was just posted: https://bugzilla.mozilla.org/show_bug.cgi?id=1526099 ___ dev-security-policy mailing list

Re: Identrust Commercial Root CA 1 EV Request

groups.google.com/d/msg/mozilla.dev.security.policy/00gci6NII9Y/AsQHXkltDgAJ > > On Mon, Oct 22, 2018 at 2:14 PM identrust--- via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > On Wednesday, October 17, 2018 at 9:08:41 PM UTC-4, Matt Palmer wrot

Re: Identrust Commercial Root CA 1 EV Request

On Wednesday, October 17, 2018 at 9:08:41 PM UTC-4, Matt Palmer wrote: > On Wed, Oct 17, 2018 at 03:09:52PM -0700, identrust--- via > dev-security-policy wrote: > > On Tuesday, October 16, 2018 at 7:19:07 PM UTC-4, Matt Palmer wrote: > > > On Tue, Oct 16, 2018 at 02:18:

Re: Identrust Commercial Root CA 1 EV Request

On Wednesday, October 17, 2018 at 9:08:41 PM UTC-4, Matt Palmer wrote: > On Wed, Oct 17, 2018 at 03:09:52PM -0700, identrust--- via > dev-security-policy wrote: > > On Tuesday, October 16, 2018 at 7:19:07 PM UTC-4, Matt Palmer wrote: > > > On Tue, Oct 16, 2018 at 02:18:

Re: Identrust Commercial Root CA 1 EV Request

On Wednesday, October 17, 2018 at 2:02:34 PM UTC-4, Jakob Bohm wrote: > On 17/10/2018 01:18, Matt Palmer wrote: > > On Tue, Oct 16, 2018 at 02:18:39PM -0700, identrust--- via > > dev-security-policy wrote: > >> 5.Explanation about how and why the mistakes were made, and n

Re: Identrust Commercial Root CA 1 EV Request

On Wednesday, October 17, 2018 at 2:02:34 PM UTC-4, Jakob Bohm wrote: > On 17/10/2018 01:18, Matt Palmer wrote: > > On Tue, Oct 16, 2018 at 02:18:39PM -0700, identrust--- via > > dev-security-policy wrote: > >> 5.Explanation about how and why the mistakes were made, and n

Re: Identrust Commercial Root CA 1 EV Request

On Tuesday, October 16, 2018 at 7:19:07 PM UTC-4, Matt Palmer wrote: > On Tue, Oct 16, 2018 at 02:18:39PM -0700, identrust--- via > dev-security-policy wrote: > > 5.Explanation about how and why the mistakes were made, and not caught and > > fixed earlier. > > > &

Re: Identrust Commercial Root CA 1 EV Request

On Monday, October 15, 2018 at 7:15:26 PM UTC-4, Nick Hatch wrote: > On February 21 2018, I reported an unexpired certificate to Identrust which > contained SAN entries for several invalid .INT domains: > > https://crt.sh/?id=7852280 > > They acknowledged and revoked the certificate in a

Re: Identrust Commercial Root CA 1 EV Request

On Tuesday, September 18, 2018 at 8:53:58 PM UTC-4, Wayne Thayer wrote: > This request is to enable EV treatment for the Identrust Commercial Root CA > 1 as documented in the following bug: > https://bugzilla.mozilla.org/show_bug.cgi?id=1339292 > > * BR Self Assessment is here: >

Re: Identrust Commercial Root CA 1 EV Request

On Monday, September 24, 2018 at 1:09:07 PM UTC-4, Wayne Thayer wrote: > Good point Nick. Can someone from Identrust provide more details on > Identrust's use and implementation of validation method 3.2.2.4.10? [IdenTrust:]We have confirmed in the Jan/2018 CA Communication Survey that this

Re: CAs not compliant with CAA CP/CPS requirement

On Friday, September 8, 2017 at 3:25:20 PM UTC-4, Andrew Ayer wrote: > The BRs state: > > "Effective as of 8 September 2017, section 4.2 of a CA's Certificate > Policy and/or Certification Practice Statement (section 4.1 for CAs > still conforming to RFC 2527) SHALL state the CA's policy or

Re: CAs not compliant with CAA CP/CPS requirement

On Friday, September 8, 2017 at 5:57:44 PM UTC-4, Jeremy Rowley wrote: > Hi Andrew, > > I'm not certain how to update the previous Mozilla response with respect to > CAA, but we added the following as authorized CAA records: > Digicert.com > *.digicert > Digicert.net.jp > Cybertrust.net.jp > >

Re: O=U.S. Government for non-USG entity (IdenTrust)

On Thursday, August 31, 2017 at 11:31:48 PM UTC-4, Eric Mill wrote: > Thank you for the continued updates, and for relaying the deadline by which > these will be revoked. > > On Thu, Aug 31, 2017 at 9:35 PM, identrust--- via dev-security-policy < > dev-security-policy@lists.

Re: O=U.S. Government for non-USG entity (IdenTrust)

On Monday, August 28, 2017 at 3:28:01 PM UTC-4, iden...@gmail.com wrote: > On Friday, August 18, 2017 at 7:22:06 PM UTC-4, iden...@gmail.com wrote: > > On Thursday, August 17, 2017 at 2:35:15 PM UTC-4, Jonathan Rudenberg wrote: > > > > On Aug 17, 2017, at 14:24, identrus

Re: Violations of Baseline Requirements 4.9.10

On Tuesday, August 29, 2017 at 9:41:07 AM UTC-4, Paul Kehrer wrote: > I've recently completed a scan of OCSP responders with a focus on checking > whether they are compliant with BR section 4.9.10's requirement: "Effective > 1 August 2013, OCSP responders for CAs which are not Technically >

Re: Violations of Baseline Requirements 4.9.10

On Tuesday, August 29, 2017 at 12:51:05 PM UTC-4, Ryan Sleevi wrote: > On Tue, Aug 29, 2017 at 8:47 AM, Paul Kehrer via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > > Symantec / GeoTrust > > > > CCADB does not list an email address. Not CC'd. > > > > DN: C=IT,

Re: O=U.S. Government for non-USG entity (IdenTrust)

On Friday, August 18, 2017 at 7:22:06 PM UTC-4, iden...@gmail.com wrote: > On Thursday, August 17, 2017 at 2:35:15 PM UTC-4, Jonathan Rudenberg wrote: > > > On Aug 17, 2017, at 14:24, identrust--- via dev-security-policy > > > <dev-security-policy@lists.mozilla.org>

Re: O=U.S. Government for non-USG entity (IdenTrust)

On Thursday, August 17, 2017 at 2:35:15 PM UTC-4, Jonathan Rudenberg wrote: > > On Aug 17, 2017, at 14:24, identrust--- via dev-security-policy > > <dev-security-policy@lists.mozilla.org> wrote: > > > > Hello, In reference to 3)"Certificates that appear to be i

Re: O=U.S. Government for non-USG entity (IdenTrust)

On Wednesday, August 16, 2017 at 1:45:12 PM UTC-4, Jonathan Rudenberg wrote: > > On Aug 16, 2017, at 12:52, Jonathan Rudenberg via dev-security-policy > > wrote: > > > > I looked through the CT logs and found 15 more unexpired unrevoked > > certificates

Re: O=U.S. Government for non-USG entity (IdenTrust)

On Wednesday, August 16, 2017 at 1:45:12 PM UTC-4, Jonathan Rudenberg wrote: > > On Aug 16, 2017, at 12:52, Jonathan Rudenberg via dev-security-policy > > wrote: > > > > I looked through the CT logs and found 15 more unexpired unrevoked > > certificates

Re: O=U.S. Government for non-USG entity (IdenTrust)

On Wednesday, August 16, 2017 at 1:45:12 PM UTC-4, Jonathan Rudenberg wrote: > > On Aug 16, 2017, at 12:52, Jonathan Rudenberg via dev-security-policy > > wrote: > > > > I looked through the CT logs and found 15 more unexpired unrevoked > > certificates

Re: O=U.S. Government for non-USG entity (IdenTrust)

On Wednesday, August 16, 2017 at 1:45:12 PM UTC-4, Jonathan Rudenberg wrote: > > On Aug 16, 2017, at 12:52, Jonathan Rudenberg via dev-security-policy > > wrote: > > > > I looked through the CT logs and found 15 more unexpired unrevoked > > certificates

Re: Misissued certificates - pathLenConstraint with CA:FALSE

On Wednesday, August 9, 2017 at 9:53:14 PM UTC-4, Alex Gaynor wrote: > (Whoops, accidentally originally CC'd to m.d.s originally! Original mail > was to IdenTrust) > > Hi, > > The following certificates appear to be misissued: > > https://crt.sh/?id=77893170=cablint >

Re: O=U.S. Government for non-USG entity (IdenTrust)

On Wednesday, August 16, 2017 at 2:06:21 PM UTC-4, Jonathan Rudenberg wrote: > > On Aug 16, 2017, at 13:44, Jonathan Rudenberg via dev-security-policy > > wrote: > > > > After looking into this more, I’ve found that the majority of certificates > > issued

Re: Certificates issued with HTTPS OCSP responder URL (IdenTrust)

On Tuesday, August 15, 2017 at 4:42:06 PM UTC-4, Eric Mill wrote: > On Tue, Aug 15, 2017 at 2:47 PM, identrust--- via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > We have been moderately successful in replacing the five (5) > > cert

Re: Certificates issued with HTTPS OCSP responder URL (IdenTrust)

On Friday, August 11, 2017 at 6:05:29 PM UTC-4, paul.l...@gmail.com wrote: > On Friday, August 11, 2017 at 3:43:17 PM UTC-5, iden...@gmail.com wrote: > > IdenTrust is fully aware of the situation and has consulted with internal > > and external parties to ensure that our course of action is

Re: Certificates issued with HTTPS OCSP responder URL (IdenTrust)

On Tuesday, August 15, 2017 at 1:51:36 AM UTC-4, Eric Mill wrote: > On Fri, Aug 11, 2017 at 4:43 PM, identrust--- via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > On Thursday, August 10, 2017 at 11:51:54 PM UTC-4, Eric Mill wrote: > > >

Re: Certificates issued with HTTPS OCSP responder URL (IdenTrust)

On Thursday, August 10, 2017 at 11:51:54 PM UTC-4, Eric Mill wrote: > On Thu, Aug 10, 2017 at 11:34 AM, identrust--- via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > > We acknowledge seeing this issue and are looking into it. > > Detai

Re: Misissued certificates

On Thursday, August 10, 2017 at 12:21:18 PM UTC-4, Ryan Sleevi wrote: > On Thu, Aug 10, 2017 at 11:55 AM, identrust--- via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > On Thursday, August 10, 2017 at 12:23:55 AM UTC-4, Lee wrote: > >

Re: Misissued certificates

On Thursday, August 10, 2017 at 12:23:55 AM UTC-4, Lee wrote: > What's it going to take for mozilla to set up near real-time > monitoring/auditing of certs showing up in ct logs? > > Lee > > On 8/9/17, Alex Gaynor via dev-security-policy > wrote: > >

Re: Certificates issued with HTTPS OCSP responder URL (IdenTrust)

y-policy@lists.mozilla.org> wrote: > >> > On Tue, Aug 8, 2017 at 5:53 PM, identrust--- via dev-security-policy < > >> > dev-security-policy@lists.mozilla.org> wrote: > >> > > >> >> On Tuesday, August 8, 2017 at 12:06:47 PM UTC-4, Jonathan Ru

Re: Certificates issued with HTTPS OCSP responder URL (IdenTrust)

On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenberg wrote: > “IdenTrust ACES CA 2” has issued five certificates with an OCSP responder URL > that has a HTTPS URI scheme. This is not valid, the OCSP responder URI is > required to have the plaintext HTTP scheme according to Baseline

Re: Certificates issued with HTTPS OCSP responder URL (IdenTrust)

On Tuesday, August 8, 2017 at 12:06:47 PM UTC-4, Jonathan Rudenberg wrote: > > On Aug 8, 2017, at 10:29, identrust--- via dev-security-policy > > <dev-security-policy@lists.mozilla.org> wrote: > > > > On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenbe

Re: Certificates issued with HTTPS OCSP responder URL (IdenTrust)

On Tuesday, August 8, 2017 at 12:06:47 PM UTC-4, Jonathan Rudenberg wrote: > > On Aug 8, 2017, at 10:29, identrust--- via dev-security-policy > > <dev-security-policy@lists.mozilla.org> wrote: > > > > On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenbe