: DigiCert .onion certificates without Tor Service Descriptor Hash
extension
On 21 Mar 2018 17:58, Wayne Thayer via dev-security-policy
mailto:dev-security-policy@lists.mozilla.org> > wrote:
7. List of steps your CA is taking to resolve the situation and
ensure such issuance will not be repea
On 21 Mar 2018 17:58, Wayne Thayer via dev-security-policy wrote:7. List of steps your CA is taking to resolve the situation and
ensure such issuance will not be repeated in the future, accompanied
with a timeline of when your CA expects to accomplish these things.
We revoked the certificat
g gain by including it, but I
> doubt there's strong incentives to change the guidelines right now. We'll
> modify to include it.
>
> -Original Message-
> From: Alex Cohn
> Sent: Monday, March 12, 2018 6:55 PM
> To: Jeremy Rowley
> Cc: mozilla-dev-security-po
on certificates without Tor Service Descriptor Hash
extension
Thanks, Jeremy.
I also found a certificate [1] with both 16-character.onion and
56-character.onion addresses [2] listed in the SAN. The v3 address is not
included in the 2.23.140.1.31 extension, which seems to violate the same rule
as bel
Thanks, Jeremy.
I also found a certificate [1] with both 16-character.onion and
56-character.onion addresses [2] listed in the SAN. The v3 address is
not included in the 2.23.140.1.31 extension, which seems to violate
the same rule as below. However, v3 addresses include the service's
entire publi
Thanks Alex. Sorry for the delayed response. I've been traveling today.
We're reaching out to each of the customers and getting their cert replaced.
Looking into this, we did not correctly implement the ballot:
1. We didn't add a check to our backend system too verify the cert included
a descript
6 matches
Mail list logo