Re: GoDaddy Revocation Disclosure

2019-03-12 Thread Ryan Sleevi via dev-security-policy
On Tue, Mar 12, 2019 at 4:38 PM Jeremy Rowley via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > I think the primary change I’m proposing is that the initial report > shouldn’t be an incident report. Instead, the initial report can be short > blurb posted to Mozilla along

RE: GoDaddy Revocation Disclosure

2019-03-12 Thread Jeremy Rowley via dev-security-policy
the incident. Jeremy From: Ryan Sleevi Sent: Tuesday, March 12, 2019 2:31 PM To: Jeremy Rowley Cc: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: GoDaddy Revocation Disclosure On Tue, Mar 12, 2019 at 4:17 PM Jeremy Rowley via dev-security-policy mailto:dev-security

Re: GoDaddy Revocation Disclosure

2019-03-12 Thread Ryan Sleevi via dev-security-policy
On Tue, Mar 12, 2019 at 4:17 PM Jeremy Rowley via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > A new flow that includes the community more fully could be: > 1) Post to Mozilla, the post must include an initial proposed plan of > action > 2) Create an incident report (to

RE: GoDaddy Revocation Disclosure

2019-03-12 Thread Jeremy Rowley via dev-security-policy
M To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: GoDaddy Revocation Disclosure On Saturday, August 18, 2018 at 2:27:05 PM UTC-7, Ben Laurie wrote: > On Fri, 17 Aug 2018 at 18:22, Daymion Reynolds via dev-security-policy > < dev-security-policy@lists.mozilla.org> wrote: > > > Rev

Re: GoDaddy Revocation Disclosure

2018-08-20 Thread Daymion Reynolds via dev-security-policy
On Monday, August 20, 2018 at 10:40:15 AM UTC-7, Wayne Thayer wrote: > Thank you for the disclosure Daymion. I have created bug 1484766 to track > this issue. I've requested an incident report to help the community better > understand what happened and what can and is being done to prevent similar

Re: GoDaddy Revocation Disclosure

2018-08-20 Thread Wayne Thayer via dev-security-policy
Thank you for the disclosure Daymion. I have created bug 1484766 to track this issue. I've requested an incident report to help the community better understand what happened and what can and is being done to prevent similar problems in the future, as described in the last two topics [1]: 6.

Re: GoDaddy Revocation Disclosure

2018-08-20 Thread Daymion Reynolds via dev-security-policy
On Saturday, August 18, 2018 at 2:27:05 PM UTC-7, Ben Laurie wrote: > On Fri, 17 Aug 2018 at 18:22, Daymion Reynolds via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > Revoke Disclosure > > > > GoDaddy has been proactively performing self-audits. As part of this > >

Re: GoDaddy Revocation Disclosure

2018-08-18 Thread Ben Laurie via dev-security-policy
On Fri, 17 Aug 2018 at 18:22, Daymion Reynolds via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Revoke Disclosure > > GoDaddy has been proactively performing self-audits. As part of this > process, we identified a vulnerability in our code that would allow our >