riginal Message-
From: dev-security-policy On
Behalf Of Jakob Bohm via dev-security-policy
Sent: Monday, April 15, 2019 4:58 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Arabtec Holding public key? [Weird Digicert issued cert]
Thanks for the explanation.
Is it
According to Jeremy (see below), that was not the situation.
On 15/04/2019 14:09, Man Ho wrote:
I don't think that it's trivial for less-skilled user to obtain the CSR
of "DigiCert Global Root G2" certificate and posting it in the request
of another certificate, right?
On 15-Apr-19 6:57 PM, Ja
om: dev-security-policy
>> On Behalf Of Wayne
>> Thayer via dev-security-policy
>> Sent: Friday, April 12, 2019 10:39 AM
>> To: Jakob Bohm
>> Cc: mozilla-dev-security-policy
>>
>> Subject: Re: Arabtec Holding public key? [Weird Digicert issued cert]
>
mozilla-dev-security-policy
Subject: Re: Arabtec Holding public key? [Weird Digicert issued cert]
It's not clear that there is anything for DigiCert to respond to. Are we
asserting that the existence of this Arabtec certificate is proof that DigiCert
violated section 3.2.1 of their CPS?
- Wayne
On Fri, 12 Apr 2019 16:56:23 +
Jeremy Rowley via dev-security-policy
wrote:
> I don't mind filling in details.
>
> We have a system that permits creation of certificates without a CSR
> that works by extracting the key from an existing cert, validating
> the domain/org information, and creat
-policy
Sent: Friday, April 12, 2019 10:56 AM
To: Wayne Thayer mailto:wtha...@mozilla.com> >; Jakob
Bohm mailto:jb-mozi...@wisemo.com> >
Cc: mozilla-dev-security-policy mailto:mozilla-dev-security-pol...@lists.mozilla.org> >
Subject: RE: Arabtec Holding public key? [Weird D
Cc: mozilla-dev-security-policy <
> mozilla-dev-security-pol...@lists.mozilla.org>
> Subject: RE: Arabtec Holding public key? [Weird Digicert issued cert]
>
> I don't mind filling in details.
>
> We have a system that permits creation of certificates without a CSR
019 10:56 AM
To: Wayne Thayer ; Jakob Bohm
Cc: mozilla-dev-security-policy
Subject: RE: Arabtec Holding public key? [Weird Digicert issued cert]
I don't mind filling in details.
We have a system that permits creation of certificates without a CSR that works
by extracting the key f
asons discussed so far).
-Original Message-
From: dev-security-policy On
Behalf Of Wayne Thayer via dev-security-policy
Sent: Friday, April 12, 2019 10:39 AM
To: Jakob Bohm
Cc: mozilla-dev-security-policy
Subject: Re: Arabtec Holding public key? [Weird Digicert issued cert]
It's
It's not clear that there is anything for DigiCert to respond to. Are we
asserting that the existence of this Arabtec certificate is proof that
DigiCert violated section 3.2.1 of their CPS?
- Wayne
On Thu, Apr 11, 2019 at 6:57 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozi
On 11/04/2019 04:47, Santhan Raj wrote:
On Wednesday, April 10, 2019 at 5:53:45 PM UTC-7, Corey Bonnell wrote:
On Wednesday, April 10, 2019 at 7:41:33 PM UTC-4, Nick Lamb wrote:
(Resending after I typo'd the ML address)
At the risk of further embarrassing myself in the same week, while
working
11 matches
Mail list logo