Re: 2020.02.29 Let's Encrypt CAA Rechecking Bug

2020-03-05 Thread Ryan Sleevi via dev-security-policy
On Thu, Mar 5, 2020 at 8:09 AM Malcolm Doody via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Tuesday, 3 March 2020 15:37:00 UTC, Jacob Hoffman-Andrews wrote: > > We've posted our Incident Report at > https://bugzilla.mozilla.org/show_bug.cgi?id=1619047#c1. > > In

Re: 2020.02.29 Let's Encrypt CAA Rechecking Bug

2020-03-05 Thread Malcolm Doody via dev-security-policy
On Thursday, 5 March 2020 13:10:38 UTC, Julien Cristau wrote: > I believe that's what https://bugzilla.mozilla.org/show_bug.cgi?id=1619179 > is about. > > Cheers, > Julien > Ah, my bad - that bug hadn't surfaced on MDSP ___ dev-security-policy

Re: 2020.02.29 Let's Encrypt CAA Rechecking Bug

2020-03-05 Thread Julien Cristau via dev-security-policy
I believe that's what https://bugzilla.mozilla.org/show_bug.cgi?id=1619179 is about. Cheers, Julien On Thu, Mar 5, 2020 at 2:09 PM Malcolm Doody via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Tuesday, 3 March 2020 15:37:00 UTC, Jacob Hoffman-Andrews wrote: > >

Re: 2020.02.29 Let's Encrypt CAA Rechecking Bug

2020-03-05 Thread Malcolm Doody via dev-security-policy
On Tuesday, 3 March 2020 15:37:00 UTC, Jacob Hoffman-Andrews wrote: > We've posted our Incident Report at > https://bugzilla.mozilla.org/show_bug.cgi?id=1619047#c1. In light of https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/3, should LE file a 2nd bug report about

Re: 2020.02.29 Let's Encrypt CAA Rechecking Bug

2020-03-03 Thread Jacob Hoffman-Andrews via dev-security-policy
We've posted our Incident Report at https://bugzilla.mozilla.org/show_bug.cgi?id=1619047#c1. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy

Re: 2020.02.29 Let's Encrypt CAA Rechecking Bug

2020-02-29 Thread Jacob Hoffman-Andrews via dev-security-policy
On Saturday, February 29, 2020 at 4:10:40 AM UTC-8, Nick Lamb wrote: > Hi Jacob, was there a reason not to use the ordinary incident reporting > format ? This is pretty good for ensuring you cover all the questions > we're otherwise likely to ask anyway. Thanks for the reminder. My goal here was

Re: 2020.02.29 Let's Encrypt CAA Rechecking Bug

2020-02-29 Thread Nick Lamb via dev-security-policy
On Fri, 28 Feb 2020 21:50:47 -0800 (PST) Jacob Hoffman-Andrews via dev-security-policy wrote: > Also posted to https://bugzilla.mozilla.org/show_bug.cgi?id=1619047 Hi Jacob, was there a reason not to use the ordinary incident reporting format ? This is pretty good for ensuring you cover all the

2020.02.29 Let's Encrypt CAA Rechecking Bug

2020-02-28 Thread Jacob Hoffman-Andrews via dev-security-policy
Also posted to https://bugzilla.mozilla.org/show_bug.cgi?id=1619047 On 2020-02-29 UTC, Let’s Encrypt found a bug in our CAA code. Our CA software, Boulder, checks for CAA records at the same time it validates a subscriber’s control of a domain name. Most subscribers issue a certificate