Thank you for the update and for making it super clear, Robin.
-- Eric
On Thu, Nov 10, 2016 at 2:52 PM, Robin Alden wrote:
> Eric Mill, on 03 October 2016 03:14, said..
> > On Sun, Oct 2, 2016 at 9:23 PM, Nick Lamb wrote:
> > > On Sunday, 2 October 2016 20:53:15 UTC+1, Peter Bowen wrote:
> >
On 11/11/16 15:43, Nick Lamb wrote:
> My review (based on what I saw posted to CA/B mailing lists)
> suggested
> that there isn't active patent uncertainty at all for some Ballot 169
> methods. I would welcome more information if you have some.
Well, if previous IPR disclosures are, in fact, inval
On Friday, 11 November 2016 12:55:02 UTC, Gervase Markham wrote:
> If Microsoft are going to do this, maybe it's a moot point, but my
> current feeling is that requiring CAs to implement exactly one of the
> methods from ballot 169, at a time when all methods are under a greater
> or smaller IPR u
On 10/11/16 19:52, Robin Alden wrote:
> To avoid suggestions of weasel-words around the CA/B forum's struggle with
> their IP policy my understanding is that at least Microsoft, and I hope
> other browsers too, will incorporate the Ballot 169 wording into their
> policy regardless of whether the CA
On Thursday, 10 November 2016 19:53:25 UTC, Robin Alden wrote:
> I can't speak to your assumptions, but I concede that it is not explicit in
> the CPS.
>
> It is now documented at
> https://secure.comodo.com/api/pdf/latest/Domain%20Control%20Validation.pdf
> and in the knowledgebase article at:
>
Nick Lamb, on 02 October 2016 17:50, said..
> The first thing that jumps out at me from their report is that they
mistake .sb
> for a gTLD when it is actually a ccTLD.
That was a mistake in writing the report.
The point is that it is a TLD.
> The second thing obviously is that they do have exactl
Eric Mill, on 03 October 2016 03:14, said..
> On Sun, Oct 2, 2016 at 9:23 PM, Nick Lamb wrote:
> > On Sunday, 2 October 2016 20:53:15 UTC+1, Peter Bowen wrote:
> > > There is some good news. The CA/Browser Forum has already addressed
> > > this, even prior to the current discussions. Ballot 169
On 04/10/16 14:19, Nick Lamb wrote:
> That's why I proposed Mozilla might like to write this to CA/B or in
> a group CA communication, because I would be astonished if WoSign and
> Comodo are the only CAs to have such special "rules" that defeat the
> purpose of the validation step, or if this is t
On Tuesday, 4 October 2016 12:21:47 UTC+1, Rob Stradling wrote:
> When we are required (by CABForum and/or root program requirements) to
> do , we will of course undertake to do .
>
> There are lots of s that we are already required to do. We
> haven't tended to issue a separate announcement for
On 03/10/16 02:23, Nick Lamb wrote:
> Comodo's document never actually says that they're abolishing this "rule" as
> a result of Ballot 169. It lets you choose to draw that implication, by
> specifying that their current practices pre-date Ballot 169's changes, but it
> never says as much.
Nic
On 02/10/16 17:49, Nick Lamb wrote:
> On Sunday, 2 October 2016 11:11:34 UTC+1, Patrick Figel wrote:
>> https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg04274.html
>
> Thanks, I too could not find this in Google Groups. That is a little
> concerning as I had assumed this was
-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla
.org] On Behalf Of Man Ho (Certizen)
Sent: Monday, October 3, 2016 2:55 AM
To: Peter Bowen
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Comodo issued a certificate for an extension
On 10/3/2016 11:50 AM, Peter
On 10/3/2016 11:50 AM, Peter Bowen wrote:
> 3.2.2.4.4, 3.2.2.4.6, 3.2.2.4.9, and 3.2.2.4.10 all use the newly
> defined "Authorization Domain Name", which should avoid this in the
> future.
Thank you for pointing me to those sections, but my confusion may be
starting from the definition of "Author
You are correct, I was not clear.
3.2.2.4.4, 3.2.2.4.6, 3.2.2.4.9, and 3.2.2.4.10 all use the newly
defined "Authorization Domain Name", which should avoid this in the
future.
3.2.2.4.7 is actually the outlier, in that it allows _
(underscore + some label) prefixed to the name being validated. I
Peter,
I'm confused why only the section 3.2.2.4.7 specifically addresses this
concern, and how. If only it does, would it implies that CA must use
this method of section 3.2.2.4.7 to validate a Base Domain Name, which
happened to be an Authorization Domain Name requested by the applicant ?
Howeve
On Sun, Oct 2, 2016 at 9:23 PM, Nick Lamb wrote:
> On Sunday, 2 October 2016 20:53:15 UTC+1, Peter Bowen wrote:
> > There is some good news. The CA/Browser Forum has already addressed
> > this, even prior to the current discussions. Ballot 169
> > (https://cabforum.org/2016/08/05/ballot-169-rev
On Sun, Oct 2, 2016 at 6:23 PM, Nick Lamb wrote:
> On Sunday, 2 October 2016 20:53:15 UTC+1, Peter Bowen wrote:
>
>> Under the new rules, which should be in
>> effect as of 1 March 2017, validating www. will not be a valid
>> method of showing control of . The name is true for any valid
>> hostn
On Sunday, 2 October 2016 20:53:15 UTC+1, Peter Bowen wrote:
> There is some good news. The CA/Browser Forum has already addressed
> this, even prior to the current discussions. Ballot 169
> (https://cabforum.org/2016/08/05/ballot-169-revised-validation-requirements/)
> revises 3.2.2.4 considerab
On Sun, Oct 2, 2016 at 9:49 AM, Nick Lamb wrote:
>
> The second thing obviously is that they do have exactly the "rule" Richard
> Wang described, and they believe this was justified under the BRs old 3.2.2.4
> method 7 (which isn't a method at all, it's basically a catch-all).
>
> I think that's
On Sunday, 2 October 2016 11:11:34 UTC+1, Patrick Figel wrote:
> https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg04274.html
Thanks, I too could not find this in Google Groups. That is a little concerning
as I had assumed this was the authoritative source, since it's linked
On 02/10/16 12:01, Jason Milionis wrote:
> Still no response from COMODO CA, that's interesting, but why?
They published an incident report a couple of days ago. For some reason,
it's not visible in the Google Groups archive of m.d.s.p (at least for
me). Here's an alternative link:
https://www.ma
Still no response from COMODO CA, that's interesting, but why?
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
On Saturday, September 24, 2016 at 7:07:39 AM UTC+8, Showfom wrote:
> First, let me introduce myself, I'm a famous investor of ccTLD domains from
> China.
>
> Recently we get an easy-remember domain www.sb, please note the extension is
> .sb
>
> I ordered a Comodo Positive SSL for this domain,
On Sunday, September 25, 2016 at 6:24:11 AM UTC+8, Percy wrote:
> Ha! @Showfom perhaps you should try getting a widecard cert from them and
> consequently obtain a cert for all *.sb domains.
I tried to get cert from StartSSL, they will only issue www.sb or www.www.sb,
that's good.
__
On Sunday, September 25, 2016 at 6:14:06 PM UTC-7, Richard Wang wrote:
> This rule is ok for more case, but for this case, it is wrong.
This rule is NEVER ok. Please re-read the BRs to understand why.
> There is another bug that it means Comodo don't have the gTLD blocking system
> that accordin
2016 1:29 AM
To: 'Peter Bowen' ; 'Nick Lamb'
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: RE: Comodo issued a certificate for an extension
Hi All,
We did receive a direct report of the problem yesterday (24th
September) from a Mozilla rep., thanks, and we undert
Of Peter Bowen
> Sent: 25 September 2016 17:37
> To: Nick Lamb
> Cc: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Comodo issued a certificate for an extension
>
> On Sun, Sep 25, 2016 at 9:19 AM, Nick Lamb wrote:
> > On Sunday, 25 September 2016 15:35:07
On Sun, Sep 25, 2016 at 9:19 AM, Nick Lamb wrote:
> On Sunday, 25 September 2016 15:35:07 UTC+1, mono...@gmail.com wrote:
>> am I the only one who a) thinks this is slightly problematic and b) is
>> surprised that the cert still isn't revoked?
>
> I don't know enough about the .sb ccTLD to be cl
On Sunday, 25 September 2016 15:35:07 UTC+1, mono...@gmail.com wrote:
> am I the only one who a) thinks this is slightly problematic and b) is
> surprised that the cert still isn't revoked?
I don't know enough about the .sb ccTLD to be clear how problematic the
described scenario is. I would ce
am I the only one who a) thinks this is slightly problematic and b) is
surprised that the cert still isn't revoked?
Cheers,
mono
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-po
Ha! @Showfom perhaps you should try getting a widecard cert from them and
consequently obtain a cert for all *.sb domains.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
so no need to say
> sorry, I NEVER say this word again.
>
>
> Regards,
>
> Richard
>
> -Original Message-
> From: dev-security-policy
> [mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On
> Behalf Of Showfom
> Sent: Saturday, Septemb
Saturday, September 24, 2016 2:30 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Comodo issued a certificate for an extension
First, let me introduce myself, I'm a famous investor of ccTLD domains from
China.
Recently we get an easy-remember domain www.sb, please note the exte
, September 24, 2016 2:30 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Comodo issued a certificate for an extension
First, let me introduce myself, I'm a famous investor of ccTLD domains from
China.
Recently we get an easy-remember domain www.sb, please note the extensio
First, let me introduce myself, I'm a famous investor of ccTLD domains from
China.
Recently we get an easy-remember domain www.sb, please note the extension is .sb
I ordered a Comodo Positive SSL for this domain, the common name which I submit
is www.sb
Usually they will give us a certificate
35 matches
Mail list logo
