Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-12-05 Thread Eric Mill via dev-security-policy
On Wed, Dec 5, 2018 at 2:36 AM Fotis Loukos via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > On 4/12/18 8:30 μ.μ., Ryan Sleevi via dev-security-policy wrote: > > On Tue, Dec 4, 2018 at 5:02 AM Fotis Loukos <me+mozdevsecpol...@fotisl.com> > > As far as I can tell, if no

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-12-05 Thread Wayne Thayer via dev-security-policy
On Wed, Dec 5, 2018 at 3:48 AM Dimitris Zacharopoulos via dev-security-policy wrote: > On 5/12/2018 10:02 π.μ., Fotis Loukos wrote: > > > The proposal was apparently to further restrict the ability of CAs to > > make exceptions on their own, by requiring all such exceptions to go > > through the

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-12-05 Thread Dimitris Zacharopoulos via dev-security-policy
On 5/12/2018 10:02 π.μ., Fotis Loukos wrote: On 4/12/18 8:29 μ.μ., Dimitris Zacharopoulos via dev-security-policy wrote: Fotis, You have quoted only one part of my message which doesn't capture the entire concept. I would appreciate it if you mentioned how exactly did I distort your proposal

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-12-05 Thread Fotis Loukos via dev-security-policy
On 4/12/18 8:29 μ.μ., Dimitris Zacharopoulos via dev-security-policy wrote: > Fotis, > > You have quoted only one part of my message which doesn't capture the > entire concept. I would appreciate it if you mentioned how exactly did I distort your proposal and which parts that change the meaning

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-12-04 Thread Ryan Sleevi via dev-security-policy
On Tue, Dec 4, 2018 at 1:29 PM Dimitris Zacharopoulos via dev-security-policy wrote: > I tried to highlight in this discussion that there were real cases in > m.d.s.p. where the revocation was delayed in practice. However, the > circumstances of these extended revocations remain unclear. Yet,

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-12-04 Thread Ryan Sleevi via dev-security-policy
On Tue, Dec 4, 2018 at 5:02 AM Fotis Loukos wrote: > An initial comment is that statements such as "I disagree that CAs are > "doing their best" to comply with the rules." because some CAs are > indeed not doing their best is simply a fallacy in Ryan's argumentation, > the fallacy of

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-12-04 Thread Dimitris Zacharopoulos via dev-security-policy
Fotis, You have quoted only one part of my message which doesn't capture the entire concept. CAs that mis-issue and must revoke these mis-issued certificates, already violated the BRs. Delaying revocation for more than what the BRs require, is also a violation. There was never doubt about

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-12-04 Thread Fotis Loukos via dev-security-policy
Hello, On 4/12/18 4:30 μ.μ., Jakob Bohm via dev-security-policy wrote: > Hello to you too. > > It seems that you are both misunderstanding what the proposal was. > > The proposal was apparently to further restrict the ability of CAs to > make exceptions on their own, by requiring all such

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-12-04 Thread Jakob Bohm via dev-security-policy
Hello to you too. It seems that you are both misunderstanding what the proposal was. The proposal was apparently to further restrict the ability of CAs to make exceptions on their own, by requiring all such exceptions to go through the public forums where the root programs can challenge or

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-12-04 Thread Fotis Loukos via dev-security-policy
Hello everybody, First of all, I would like to note that I am writing as an individual and my opinion does not necessarily represent the opinion of my employer. An initial comment is that statements such as "I disagree that CAs are "doing their best" to comply with the rules." because some CAs

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-11-30 Thread Ryan Sleevi via dev-security-policy
On Fri, Nov 30, 2018 at 4:24 AM Dimitris Zacharopoulos wrote: > > > On 30/11/2018 1:49 π.μ., Ryan Sleevi wrote: > > > > On Thu, Nov 29, 2018 at 4:03 PM Dimitris Zacharopoulos via > dev-security-policy wrote: > >> I didn't want to hijack the thread so here's a new one. >> >> >> Times and

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-11-30 Thread Dimitris Zacharopoulos via dev-security-policy
On 30/11/2018 1:49 π.μ., Ryan Sleevi wrote: On Thu, Nov 29, 2018 at 4:03 PM Dimitris Zacharopoulos via dev-security-policy wrote: I didn't want to hijack the thread so here's a new one. Times and circumstances change. You have to

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-11-29 Thread Ryan Sleevi via dev-security-policy
On Thu, Nov 29, 2018 at 4:03 PM Dimitris Zacharopoulos via dev-security-policy wrote: > I didn't want to hijack the thread so here's a new one. > > > Times and circumstances change. You have to demonstrate that. When I brought this up at the Server > Certificate Working Group of the CA/B

CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-11-29 Thread Dimitris Zacharopoulos via dev-security-policy
I didn't want to hijack the thread so here's a new one. On 29/11/2018 6:39 μ.μ., Ryan Sleevi wrote: On Thu, Nov 29, 2018 at 2:16 AM Dimitris Zacharopoulos <ji...@it.auth.gr> wrote: Mandating that CAs disclose revocation situations that exceed the 5-day requirement with