Re: DigiCert Assured ID Root CA and Global Root CA EV Request

2018-12-15 Thread Peter Gutmann via dev-security-policy
Rob Stradling via dev-security-policy writes:

>The public exponent (65537) in https://crt.sh/?asn1=628933973 is encoded as
>02 04 00 01 00 01 (02=INTEGER, 04=length in bytes), whereas the only valid
>encoding is 02 03 01 00 01.

Yep, this is what dumpasn1 says about it: 5574: INT

Re: DigiCert Assured ID Root CA and Global Root CA EV Request

2018-12-15 Thread Rob Stradling via dev-security-policy
Hi Jeremy. Comments inline...

On 14/12/2018 02:23, Jeremy Rowley via dev-security-policy wrote:
> Here’s the breakdown:
>
> FATAL: x509: RSA modulus is not a positive number
>
> Bad reading of the BRs. The BRs say the range should be between 2^16+1 and
> 2^256-1. The team implementing thi

RE: DigiCert Assured ID Root CA and Global Root CA EV Request

2018-12-13 Thread Jeremy Rowley via dev-security-policy
l s/MIME policy. Thanks Wayne. I can confirm we will revoke all mis-issued certs.

From: Wayne Thayer
Sent: Thursday, December 13, 2018 5:34 PM
To: Jeremy Rowley
Cc: Ryan Sleevi ; mozilla-dev-security-policy
Subject: Re: DigiCert Assured ID Root CA and Global Root CA EV Request

Re: DigiCert Assured ID Root CA and Global Root CA EV Request

2018-12-13 Thread Wayne Thayer via dev-security-policy
My main concern with this request is the misissued certificates identified by linters that have not been revoked - I have included my comments and links from the original message below. It appears that DigiCert is not planning to remediate these certificates - can a representative from DigiCert co

Re: DigiCert Assured ID Root CA and Global Root CA EV Request

2018-11-29 Thread Ryan Sleevi via dev-security-policy
Sure, my intent was to keep it narrowed to understanding the potential impact to this conversation. I raise this concern because I think it would reflect poorly if these certificates were not revoked. There has been past precedent - e.g. not granting EV to Turktrust after misissuance came to light

Re: DigiCert Assured ID Root CA and Global Root CA EV Request

2018-11-29 Thread Wayne Thayer via dev-security-policy
heir name...
>
>
> -Original Message-
> From: dev-security-policy
> On Behalf Of Ryan Sleevi via dev-security-policy
> Sent: Thursday, November 29, 2018 12:19 PM
> To: Wayne Thayer
> Cc: mozilla-dev-security-policy <
> mozilla-dev-security-pol...@lists.mozill

RE: DigiCert Assured ID Root CA and Global Root CA EV Request

2018-11-29 Thread Jeremy Rowley via dev-security-policy
November 29, 2018 12:19 PM
To: Wayne Thayer
Cc: mozilla-dev-security-policy
Subject: Re: DigiCert Assured ID Root CA and Global Root CA EV Request

This deadline is roughly five weeks before all underscore certificates must be revoked (per Ballot SC12). Given the number of underscore certif

Re: DigiCert Assured ID Root CA and Global Root CA EV Request

2018-11-29 Thread Ryan Sleevi via dev-security-policy
This deadline is roughly five weeks before all underscore certificates must be revoked (per Ballot SC12). Given the number of underscore certificates under various DigiCert operated hierarchies, would you think it appropriate to consider whether or not SC12 (and, prior to that, the existing BR requ

Re: DigiCert Assured ID Root CA and Global Root CA EV Request

2018-11-29 Thread Wayne Thayer via dev-security-policy
Reminder: the 3-week discussion period for this request to EV-enable two DigiCert roots ends next Friday 7-December.

- Wayne

On Fri, Nov 16, 2018 at 5:00 PM Wayne Thayer wrote:
> This request is to enable EV treatment for the DigiCert Assured ID Root CA
> and DigiCert Global Root CA as document