On Wed, Aug 28, 2019 at 12:36 PM Jeremy Rowley
wrote:
> I've always thought the reason OV/EV ballots haven't been proposed/passed
> is combination of a lack of interest from the browsers and the fact that
> governance reform seems to get in the way of everything else. I've for
> proposed tons
that we put
forward/sponsor. LMK
-Original Message-
From: dev-security-policy On
Behalf Of Ryan Sleevi via dev-security-policy
Sent: Wednesday, August 28, 2019 9:02 AM
To: Corey Bonnell
Cc: mozilla-dev-security-policy
Subject: Re: GlobalSign: SSL Certificates with US country code and invalid
nell via dev-security-policy <
> dev-security-policy@lists.mozilla.org>
> > Sent: Thursday, August 22, 2019 8:57:42 PM
> > To: Doug Beattie ;
> mozilla-dev-security-pol...@lists.mozilla.org <
> mozilla-dev-security-pol...@lists.mozilla.org>
> > Subject: Re: Global
On Wed, Aug 28, 2019 at 7:13 AM Corey Bonnell via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Anyhow, judging from censys.io, it looks like there are far bigger
> offenders of this particular quirky rule than Digicert and GlobalSign. I'd
> love to know why the BRs/EVGs
Beattie
; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: GlobalSign: SSL Certificates with US country code and invalid
State/Prov
It's a trap. I do wish memes showed up here
Censys shows something like 130 globalsign certs with abbreviated joi info. I
think we show 16
:42 PM
To: Doug Beattie ;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: GlobalSign: SSL Certificates with US country code and invalid
State/Prov
Hi Doug,
Thank for you for posting this incident report to the list. I have one
clarifying question in regard to the correctness criteria
Today we opened a bug disclosing misissuance of some certificates that have
invalid State/Prov values:
https://bugzilla.mozilla.org/show_bug.cgi?id=1575880
On Tuesday August 20th 2019, GlobalSign was notified by a third party
through the report abuse email address that two certificates
7 matches
Mail list logo
