ary 10, 2019 4:47 PM
> To: Wayne Thayer
> Cc: Alex Cohn ; Alex Gaynor ;
> mozilla-dev-security-pol...@lists.mozilla.org; Buschart, Rufus
> ; Hanno Böck
> Subject: RE: AlwaysOnSSL web security issues
>
> Yes – we will do so. We’ve encouraged all customers to not generate
Böck
; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: AlwaysOnSSL web security issues
Thanks Jeremy. The fact that CertCenter is just a reseller and not an RA was
not obvious to me. To your point, building an insecure website on top of a CA's
API does not strike me as something
Thursday, January 10, 2019 7:10 AM
> To: Buschart, Rufus
> Cc: Alex Cohn ;
> mozilla-dev-security-pol...@lists.mozilla.org; Hanno Böck >
> Subject: Re: AlwaysOnSSL web security issues
>
> The Mozilla policy does not prohibit backdating, except when it's used to
> evade time
On 10/01/2019 19:00, Jeremy Rowley wrote:
> A couple of thoughts:
> 1) CertCenter is not a CA or RA. They have a custom named ICA that is hosted
> and operated by DigiCert. All validation, issuance, and linting is performed
> by DigiCert prior to issuance.
> 2) Lots of cert customers have insecur
10 AM
To: Buschart, Rufus
Cc: Alex Cohn ;
mozilla-dev-security-pol...@lists.mozilla.org; Hanno Böck
Subject: Re: AlwaysOnSSL web security issues
The Mozilla policy does not prohibit backdating, except when it's used to evade
time-based policy controls.
Backdating certs by a few hours is
The Mozilla policy does not prohibit backdating, except when it's used to
evade time-based policy controls.
Backdating certs by a few hours is a relatively common practice to minimize
breakages for consumers with busted clocks.
Alex
On Thu, Jan 10, 2019 at 4:43 AM Buschart, Rufus via dev-securit
Hi,
It appears AlwaysOnSSL is not completely disabled - if we trust CT as
a timestamping service, [1] was issued after Hanno's email.
I believe AlwaysOnSSL has at least two separate paths to issuance - in
addition to the website, there's also an API on CertCenter's website.
[2] While reading the
7 matches
Mail list logo