dev-security-policy
Sent: 17 June 2020 23:13
To: r...@sleevi.com
Cc: Mozilla
Subject: Re: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content
types)
CAUTION: This email originated from outside of the organization. Do not click
links or open attachments unless you recognize the sender
Doh - how did I miss that?! Thanks Ryan
From: Ryan Sleevi
Sent: Wednesday, June 17, 2020 4:11:46 PM
To: Jeremy Rowley
Cc: Mozilla
Subject: Re: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content
types)
It's right there under "Trust Filter"
f Ryan Sleevi via dev-security-policy <
> dev-security-policy@lists.mozilla.org>
> Sent: 22 May 2020 21:52
> To: Hanno Böck
> Cc: r...@sleevi.com ;
> dev-security-policy@lists.mozilla.org <
> dev-security-policy@lists.mozilla.org>
> Subject: Re: CA Issuer AIA
Subject: Re: CA Issuer AIA URL content types
CAUTION: This email originated from outside of the organization. Do not click
links or open attachments unless you recognize the sender and know the content
is safe.
I believe you've still implied, even in this reply, that this is something
: CA Issuer AIA URL content types
CAUTION: This email originated from outside of the organization. Do not click
links or open attachments unless you recognize the sender and know the content
is safe.
I believe you’ve still implied, even in this reply, that this is something
serious or important. I
I believe you’ve still implied, even in this reply, that this is something
serious or important. I see no reason to believe that is the case, and I
wasn’t sure if there was anything more than a “Here’s a SHOULD and here’s
people not doing it,” which doesn’t seem that useful to me.
On Fri, May 22,
Hi,
On Fri, 22 May 2020 09:55:22 -0400
Ryan Sleevi via dev-security-policy
wrote:
> Could you please cite more specifically what you believe is wrong
> here? This is only a SHOULD level requirement.
I think I said that more or less:
> > I'm not going to file individual reports for the CAs.
Hanno,
Could you please cite more specifically what you believe is wrong here?
This is only a SHOULD level requirement.
Are you aware of any clients that enforce or even check the mime type for
these requests? I am not, nor am I aware of any issues deviating from the
SHOULD would present.
On
Issuer AIA URL content types
Hi,
Doing some analysis on the AIA CA Issuer field I checked the content
types the certificates are served. These are the AIA issuer fields in
the top 1 from the alexa list, so this is incomplete.
According to RFCs application/pkix-cert is the only correct
Hi,
Doing some analysis on the AIA CA Issuer field I checked the content
types the certificates are served. These are the AIA issuer fields in
the top 1 from the alexa list, so this is incomplete.
According to RFCs application/pkix-cert is the only correct
content-type. However the majority
10 matches
Mail list logo
