Is Trustico's storage of private keys related to this security report from a
few months back (which did not appear to ever have been fully investigated...)?
https://groups.google.com/d/msg/mozilla.dev.security.policy/CEww8w9q2zE/F_bzX1guCQAJ
Does Digicert have (or will it have) some sort of
Why does the document say "Date: 11/07/17" on every page, and the signed pdf
metadata say
2017-09-25T17:14:35-04:00
2017-09-25T17:18:07-04:00
2017-09-25T17:18:07-04:00
On Tuesday, September 26, 2017 at 4:56:36 PM UTC-4, alejand...@gmail.com wrote:
> In the following link you can find the CPS in
Can this be responded to more directly and comprehensively please?
Are there any staff or personnel being shared between WoSign and Startcom?
This includes any staff from (or paid by) Qihoo 360 its subsidiaries,
contractors, or affiliates--does anyone do any work (paid or unpaid) for both
The link in footnote [1]
https://www.idmanagement.gov/IDM/servlet/fileField?entityId=ka0t000Gmi3AAC=File__Body__s
gives me a 404 error.
On Monday, May 15, 2017 at 11:09:41 AM UTC-4, Steve Medin wrote:
> Gerv,
>
> Our response to the recent questions is posted at:
>
It's useful to note that Outlook 2007 leaves extended support on October 10.
(That deadline has been extended a few times, I believe, but this should be the
final date.)
https://support.microsoft.com/en-us/help/3198497/office-2007-approaching-end-of-extended-support
On Monday, May 15, 2017 at
Possibly this is irrelevant, but I have some concerns on how Symantec, it seems
to me, is willfully mischaracterizing their certificate compliance issues in
their prepared remarks to their investors yesterday.[1]
It makes it sound as if there are some generic certificate industry changes
that
On Monday, May 8, 2017 at 7:21:46 AM UTC-4, okaphone.e...@gmail.com wrote:
> Hi Rick,
>
> I don't see a "May 4th post". Where was it posted? Not here it seems.
It's above--it links to
https://www.symantec.com/connect/blogs/symantec-ca-continues-public-dialogue
>
> Also it's reasonable that
It may be necessary to expand that definition to intermediates that were
capable of issuing certificates within the past year (or longer).
On Monday, May 8, 2017 at 9:31:21 AM UTC-4, Alex Gaynor wrote:
> I'm not the best way to phrase this, so please forgive the bluntness, but I
> think it'd be
Richard,
Did you communicate to your customers over the last 6 months that their
existing certificates may become distrusted? Or did they find out when their
sites stopped working in Chrome?
On Friday, April 28, 2017 at 4:19:01 AM UTC-4, Richard Wang wrote:
> Hi Ryan,
>
>
>
> For your
Is there an expectation of a resolution of some sort to this matter?
Also, their most recent audit is apparently overdue (perhaps related to the
SHA-1 mis-issuance?)
https://groups.google.com/d/msg/mozilla.dev.security.policy/IjgFwzGI_H0/-689uFoXBwAJ
On Thursday, March 16, 2017 at 7:00:51 AM
>Within a few days of discovering these issues they shut down their
>entire RA program. That seems pretty swift and comprehensive to me. The
>fact that they didn't discover these issues for years is clearly a
>problem, but it's not the same problem.
I don't believe that's a fair
I think page 8 of their manual at least partially explains how and what
"QuickInvite" is. The whole document is rather interesting...
https://www.geotrust.com/geocenter/resources/partnercenter-user-guide.pdf
On Saturday, April 1, 2017 at 6:01:23 AM UTC-4, Nick Lamb wrote:
> On Friday, 31 March
For what it's worth, this is the latest post on facebook from the researcher.
https://www.facebook.com/cbyrneiv/posts/10155129935452436
The private key storage issue sounds like a reseller tool, like
https://www.thesslstore.com/ssltools/csr-generator.php
and he found the private key was stored
https://www.bleepingcomputer.com/news/security/researcher-says-api-flaw-exposed-symantec-certificates-including-private-keys/
Does anyone have further information about this?
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
On Friday, February 17, 2017 at 10:19:06 PM UTC-5, Ryan Sleevi wrote:
> On Fri, Feb 17, 2017 at 5:17 PM, urijah--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > On Friday, February 17, 2017 at 7:50:31 PM UTC-5, uri...@gmail.com wrote:
> &g
On Friday, February 17, 2017 at 7:50:31 PM UTC-5, uri...@gmail.com wrote:
> On Friday, February 17, 2017 at 7:23:54 PM UTC-5, Ryan Sleevi wrote:
> > I have confirmed with CPA
> > Canada that at during the 2016 and 2017 periods, EY Brazil was not a
> > licensed WebTrust practitioner, as indicated
On Friday, February 17, 2017 at 7:23:54 PM UTC-5, Ryan Sleevi wrote:
> I have confirmed with CPA
> Canada that at during the 2016 and 2017 periods, EY Brazil was not a
> licensed WebTrust practitioner, as indicated at [4].
>
> [4]
>
17 matches
Mail list logo