On 22 September 2017 at 17:22, Rob Stradling
wrote:
> On 22/09/17 17:07, Richard Moore via dev-security-policy wrote:
>
>> I see, the one I saw in the wild was issued from the intermediate below
>> and
>> linked to the Gandi document however it was from 2014. That said,
On 22/09/17 17:07, Richard Moore via dev-security-policy wrote:
I see, the one I saw in the wild was issued from the intermediate below and
linked to the Gandi document however it was from 2014. That said, I don't
see the intermediate in crt.sh though that could just be me failing to use
the
I see, the one I saw in the wild was issued from the intermediate below and
linked to the Gandi document however it was from 2014. That said, I don't
see the intermediate in crt.sh though that could just be me failing to use
the site properly!
Cheers
Rich.
Certificate:
Data:
On 21/09/17 22:56, richmoore44--- via dev-security-policy wrote:
On Thursday, September 21, 2017 at 10:13:56 AM UTC+1, Rob Stradling wrote:
Our CPS has now been updated.
Will you be ensuring that CAs like Gandi who are chaining back to your roots
also update their CPS?
Gandi are a managed
On Thursday, September 21, 2017 at 10:13:56 AM UTC+1, Rob Stradling wrote:
> Our CPS has now been updated.
Will you be ensuring that CAs like Gandi who are chaining back to your roots
also update their CPS?
Regards
Rich.
___
dev-security-policy
On 08/09/17 20:24, Andrew Ayer via dev-security-policy wrote:
The BRs state:
"Effective as of 8 September 2017, section 4.2 of a CA's Certificate
Policy and/or Certification Practice Statement (section 4.1 for CAs
still conforming to RFC 2527) SHALL state the CA's policy or practice
on
On 15/09/17 09:38, richmoor...@gmail.com wrote:
> I suspect many smaller CAs are non-compliant too, for example gandi's CPS
> hasn't changed since 2009 according to its changelog.
>
> https://www.gandi.net/static/docs/en/gandi-certification-practice-statement.pdf
Thank you for bringing this to
I suspect many smaller CAs are non-compliant too, for example gandi's CPS
hasn't changed since 2009 according to its changelog.
https://www.gandi.net/static/docs/en/gandi-certification-practice-statement.pdf
Cheers
Rich.
___
dev-security-policy
On Friday, September 8, 2017 at 3:25:20 PM UTC-4, Andrew Ayer wrote:
> The BRs state:
>
> "Effective as of 8 September 2017, section 4.2 of a CA's Certificate
> Policy and/or Certification Practice Statement (section 4.1 for CAs
> still conforming to RFC 2527) SHALL state the CA's policy or
On Friday, September 8, 2017 at 3:25:20 PM UTC-4, Andrew Ayer wrote:
> The BRs state:
>
> "Effective as of 8 September 2017, section 4.2 of a CA's Certificate
> Policy and/or Certification Practice Statement (section 4.1 for CAs
> still conforming to RFC 2527) SHALL state the CA's policy or
El viernes, 8 de septiembre de 2017, 21:25:20 (UTC+2), Andrew Ayer escribió:
> The BRs state:
>
> "Effective as of 8 September 2017, section 4.2 of a CA's Certificate
> Policy and/or Certification Practice Statement (section 4.1 for CAs
> still conforming to RFC 2527) SHALL state the CA's policy
Let me pull the data and share it with you. For some reason we saw a few sub
domains right before the 8th. We added *.digicerts.com at the last minute until
we had time to figure out why. I suspect it's being caused by documentation or
a partner telling the customers the wrong thing. Once we
Hi Ben and Jeremy,
On 09/09/17 01:25, Ben Wilson wrote:
> Those are typos. See section 4.2.1 of our CPS posted here:
> https://www.digicert.com/wp-content/uploads/2017/09/DigiCert_CPS_v412.pdf
This reads:
"The Certification Authority CAA identifying domains for CAs within
DigiCert’s
Am Freitag, 8. September 2017 21:25:20 UTC+2 schrieb Andrew Ayer:
> The BRs state:
>
> "Effective as of 8 September 2017, section 4.2 of a CA's Certificate
> Policy and/or Certification Practice Statement (section 4.1 for CAs
> still conforming to RFC 2527) SHALL state the CA's policy or practice
I would have checked Sept 9th as Sept 8th at midnight would be the last
possible moment when the CPS could be updated and still be compliant.
> On Sep 9, 2017, at 3:33 PM, Andrew Ayer via dev-security-policy
> wrote:
>
> On Fri, 8 Sep 2017 15:22:52 -0700
On Fri, 8 Sep 2017 15:22:52 -0700 (PDT)
Andy Warner via dev-security-policy
wrote:
> Google Trust Services published updated CP & CPS versions earlier
> today covering CAA checking. I'd suggest checking all CAs again
> tomorrow. Given the range of timezones
On Friday, September 8, 2017 at 5:57:44 PM UTC-4, Jeremy Rowley wrote:
> Hi Andrew,
>
> I'm not certain how to update the previous Mozilla response with respect to
> CAA, but we added the following as authorized CAA records:
> Digicert.com
> *.digicert
> Digicert.net.jp
> Cybertrust.net.jp
>
>
Google Trust Services published updated CP & CPS versions earlier today
covering CAA checking. I'd suggest checking all CAs again tomorrow. Given the
range of timezones CA operational staffs operate across, some may not have had
a chance to publish their updates yet.
In terms of the 'rush' I
Responding from my personal account but I can confirm that Google Trust
Services does check CAA and our policy was updated earlier today to reflect
that.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
Those are typos. See section 4.2.1 of our CPS posted here:
https://www.digicert.com/wp-content/uploads/2017/09/DigiCert_CPS_v412.pdf
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+ben=digicert@lists.mozilla.org] On
Behalf Of Samuel Pinder via
Hi Andrew,
I'm not certain how to update the previous Mozilla response with respect to
CAA, but we added the following as authorized CAA records:
Digicert.com
*.digicert
Digicert.net.jp
Cybertrust.net.jp
I wasn't sure if adding a wildcard to the CAA record is kosher, but I didn't
seem anything
On Fri, Sep 8, 2017 at 12:24 PM, Andrew Ayer via dev-security-policy
wrote:
> The BRs state:
>
> "Effective as of 8 September 2017, section 4.2 of a CA's Certificate
> Policy and/or Certification Practice Statement (section 4.1 for CAs
> still conforming to
Hey Andrew, we are checking CAA records at time of issuance. The CPS update
should publish today.
> On Sep 8, 2017, at 1:25 PM, Andrew Ayer via dev-security-policy
> wrote:
>
> The BRs state:
>
> "Effective as of 8 September 2017, section 4.2 of a CA's
23 matches
Mail list logo