Re: Certificate issues

2017-04-24 Thread Jakob Bohm via dev-security-policy
On 21/04/2017 21:29, Nick Lamb wrote: On Tuesday, 18 April 2017 18:33:29 UTC+1, Jakob Bohm wrote: I believe the point was to check the prospective contents of the TBSCertificate *before* CT logging (noting that Ryan Sleevi has been violently insisting that failing to do that shall be punished

Re: Certificate issues

2017-04-21 Thread Nick Lamb via dev-security-policy
On Tuesday, 18 April 2017 18:33:29 UTC+1, Jakob Bohm wrote: > I believe the point was to check the prospective contents of the > TBSCertificate *before* CT logging (noting that Ryan Sleevi has been > violently insisting that failing to do that shall be punished as > harshly as actual misissuance)

Re: Certificate issues

2017-04-18 Thread Ryan Sleevi via dev-security-policy
On Tue, Apr 18, 2017 at 1:32 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > I believe the point was to check the prospective contents of the > TBSCertificate *before* CT logging (noting that Ryan Sleevi has been > violently insisting that failing to do

Re: Certificate issues

2017-04-18 Thread Jakob Bohm via dev-security-policy
On 18/04/2017 18:47, Nick Lamb wrote: Hi Jeremy Given the small number of certificates involved, it might make sense to just convert them to text and mention them inline, or put them somewhere we can all see them - if it's inconvenient to put them into the CT logs. I think this situation

RE: Certificate issues

2017-04-18 Thread Jeremy Rowley via dev-security-policy
-policy Sent: Tuesday, April 18, 2017 10:59 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Certificate issues On 18/04/17 17:22, Ryan Sleevi wrote: > On Tue, Apr 18, 2017 at 12:09 PM, Jeremy Rowley via > dev-security-policy < dev-security-policy@lists.mozilla.org> wr

Re: Certificate issues

2017-04-18 Thread Gervase Markham via dev-security-policy
On 18/04/17 17:22, Ryan Sleevi wrote: > On Tue, Apr 18, 2017 at 12:09 PM, Jeremy Rowley via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: >> code signing certificates into a pseudo- SSL profile. Because they were >> intended to be code signing certificates, the certificates

Re: Certificate issues

2017-04-18 Thread Nick Lamb via dev-security-policy
Hi Jeremy Given the small number of certificates involved, it might make sense to just convert them to text and mention them inline, or put them somewhere we can all see them - if it's inconvenient to put them into the CT logs. I think this situation will be useful as evidence of the value of

RE: Certificate issues

2017-04-18 Thread Jeremy Rowley via dev-security-policy
la-dev-security-pol...@lists.mozilla.org Subject: Re: Certificate issues On Tue, Apr 18, 2017 at 12:09 PM, Jeremy Rowley via dev-security-policy <dev-security-policy@lists.mozilla.org <mailto:dev-security-policy@lists.mozilla.org> > wrote: Hi everyone, On Friday at 1:00 pm, we acc

Re: Certificate issues

2017-04-18 Thread Ryan Sleevi via dev-security-policy
On Tue, Apr 18, 2017 at 12:09 PM, Jeremy Rowley via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Hi everyone, > > > > On Friday at 1:00 pm, we accidently introduced a bug into our issuance > system that resulted in five serverAuth-code signing certificates that did > not

Certificate issues

2017-04-18 Thread Jeremy Rowley via dev-security-policy
Hi everyone, On Friday at 1:00 pm, we accidently introduced a bug into our issuance system that resulted in five serverAuth-code signing certificates that did not comply with the Baseline Requirements. The change modified a handful of code signing certificates into a pseudo- SSL profile.