Dear m.d.s.p,
We wanted to follow up to this thread and give a brief update.
We have revoked all but 26 of the affected certificates and are working with
the associated subscribers to enable a smooth transition prior to revocation
which will occur as each certificate is replaced or by 2019-03-3
We have attached two files to the bug
(https://bugzilla.mozilla.org/show_bug.cgi?id=1532842), one that provides a
list of all certificates issued after ballot 164 that contain 63 bit serial
numbers and one that lists all certificates in that set that have not yet been
revoked.
Ryan Hurst
Googl
Posting from a personal account but commenting in a professional capacity.
Our decision not to include the list was intended for brevity's sake only. It is
a reasonable request to provide a CSV and we will do that within 24 hours.
Regarding the number of subscribers, yes in this case it is appropr
Ryan,
Thanks for providing the update. One area that I do need to push back on is
the disclosure of the 100K certificates mentioned.
As demonstrated through past CA distrust discussions and whose need is
evidenced by past incident reports, one of the purposes of having CAs
disclose the affected c
I have created a bug to track this issue:
https://bugzilla.mozilla.org/show_bug.cgi?id=1532842
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
Sleevi,
Thank you for the links to both the reporting requirements and the underscore
issue with DigiCert.
Regarding the statement about the severity of the issue, it was not intended to
diminish the non-compliance. Instead it was an attempt to frame the issue with
sufficient context to help
On Tue, Mar 5, 2019 at 1:47 PM Ryan Hurst via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Dear m.d.s.p,
>
> We wanted to follow up to this thread and give an update.
>
> We have decided to replace and revoke the certificates with 63 bit serial
> numbers; so far we have fi
Dear m.d.s.p,
We wanted to follow up to this thread and give an update.
We have decided to replace and revoke the certificates with 63 bit serial
numbers; so far we have finished about 95% of the affected certificates.
We are actively working with the remaining subscribers to replace their
c
Dear m.d.s.p,
We at Google Trust Services have been following the thread discussing Dark
Matter’s root inclusion request. In particular the elements of the thread that
discuss the EJBCA serial number generation logic stood out to us.
This is because we use EJBCA for some of our own CAs. This e