-
From: dev-security-policy On
Behalf Of Jakob Bohm via dev-security-policy
Sent: Monday, April 15, 2019 4:58 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Arabtec Holding public key? [Weird Digicert issued cert]
Thanks for the explanation.
Is it possible
According to Jeremy (see below), that was not the situation.
On 15/04/2019 14:09, Man Ho wrote:
I don't think that it's trivial for less-skilled user to obtain the CSR
of "DigiCert Global Root G2" certificate and posting it in the request
of another certificate, right?
On 15-Apr-19 6:57 PM,
gt; On Behalf Of Wayne
>> Thayer via dev-security-policy
>> Sent: Friday, April 12, 2019 10:39 AM
>> To: Jakob Bohm
>> Cc: mozilla-dev-security-policy
>>
>> Subject: Re: Arabtec Holding public key? [Weird Digicert issued cert]
>>
>> It's not clear
-policy
Subject: Re: Arabtec Holding public key? [Weird Digicert issued cert]
It's not clear that there is anything for DigiCert to respond to. Are we
asserting that the existence of this Arabtec certificate is proof that DigiCert
violated section 3.2.1 of their CPS?
- Wayne
On Thu, Apr 11, 2019
On Fri, 12 Apr 2019 16:56:23 +
Jeremy Rowley via dev-security-policy
wrote:
> I don't mind filling in details.
>
> We have a system that permits creation of certificates without a CSR
> that works by extracting the key from an existing cert, validating
> the domain/org information, and
riday, April 12, 2019 10:56 AM
To: Wayne Thayer mailto:wtha...@mozilla.com> >; Jakob
Bohm mailto:jb-mozi...@wisemo.com> >
Cc: mozilla-dev-security-policy mailto:mozilla-dev-security-pol...@lists.mozilla.org> >
Subject: RE: Arabtec Holding public key? [Weird Digicert issu
v-security-policy <
> mozilla-dev-security-pol...@lists.mozilla.org>
> Subject: RE: Arabtec Holding public key? [Weird Digicert issued cert]
>
> I don't mind filling in details.
>
> We have a system that permits creation of certificates without a CSR that
> works by
To: Wayne Thayer ; Jakob Bohm
Cc: mozilla-dev-security-policy
Subject: RE: Arabtec Holding public key? [Weird Digicert issued cert]
I don't mind filling in details.
We have a system that permits creation of certificates without a CSR that works
by extracting the key from an existing cert
so far).
-Original Message-
From: dev-security-policy On
Behalf Of Wayne Thayer via dev-security-policy
Sent: Friday, April 12, 2019 10:39 AM
To: Jakob Bohm
Cc: mozilla-dev-security-policy
Subject: Re: Arabtec Holding public key? [Weird Digicert issued cert]
It's not clear
It's not clear that there is anything for DigiCert to respond to. Are we
asserting that the existence of this Arabtec certificate is proof that
DigiCert violated section 3.2.1 of their CPS?
- Wayne
On Thu, Apr 11, 2019 at 6:57 PM Jakob Bohm via dev-security-policy <
On 11/04/2019 04:47, Santhan Raj wrote:
On Wednesday, April 10, 2019 at 5:53:45 PM UTC-7, Corey Bonnell wrote:
On Wednesday, April 10, 2019 at 7:41:33 PM UTC-4, Nick Lamb wrote:
(Resending after I typo'd the ML address)
At the risk of further embarrassing myself in the same week, while
11 matches
Mail list logo