On 2017-12-09 at 08:59 -0700, Wayne Thayer wrote:
> It can be confusing even for people following these things. That's where I
> think collecting problem reporting info from audited sub-CAs in CCADB would
> help.
>
> For everyone else, finding the correct problem reporting information is
> mostly
On 12/09/2017 01:50 AM, Kurt Roeckx via dev-security-policy wrote:
> But it's not obvious to me who to contact to revoke a given
> certifiate, and it would be really useful that given a certificate
> it would be obvious what to do, who to contact, to get it revoked.
Could it be useful to
It can be confusing even for people following these things. That's where I
think collecting problem reporting info from audited sub-CAs in CCADB would
help.
For everyone else, finding the correct problem reporting information is
mostly a matter of luck. Perhaps we should require an email address
On Sat, Dec 9, 2017 at 7:50 AM, Nick Lamb via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Sat, 9 Dec 2017 09:51:59 +0100
> Hanno Böck via dev-security-policy
> wrote:
>
> > On Fri, 8 Dec 2017 16:43:48 -0700
> > Wayne Thayer via
On Sat, 9 Dec 2017 09:51:59 +0100
Hanno Böck via dev-security-policy
wrote:
> On Fri, 8 Dec 2017 16:43:48 -0700
> Wayne Thayer via dev-security-policy
> wrote:
>
> > The root CA is ultimately responsible for
On Fri, 8 Dec 2017 16:43:48 -0700
Wayne Thayer via dev-security-policy
wrote:
> The root CA is ultimately responsible for subordinate CAs it has
> signed.
I see a problem with that, as this is far from obvious.
If a random person discovers a problem
On Fri, Dec 08, 2017 at 11:55:46PM +0100, Hanno Böck via dev-security-policy
wrote:
> So I wonder: If a CA signs an intermediate - are they responsible
> making sure that reports brought to the subca are properly handled?
My first reaction would be if you sign it, you take
responsibility. That
On Fri, Dec 8, 2017 at 3:55 PM, Hanno Böck via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> So I wonder: If a CA signs an intermediate - are they responsible
> making sure that reports brought to the subca are properly handled?
>
> The root CA is ultimately responsible
Hi,
I guess this is of interest to the members of this list:
https://www.golem.de/news/microsoft-dynamics-365-wildcard-certificate-with-a-private-key-for-everyone-1712-131544.html
https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648
tl;dr Microsoft
9 matches
Mail list logo