Re: How long to resolve unaudited unconstrained intermediates?

On 20/07/17 15:24, Gervase Markham via dev-security-policy wrote: On 12/07/17 21:18, Ben Wilson wrote: For CAs with emailProtection and proper name constraints, where would such CAs appear in https://crt.sh/mozilla-disclosures? https://crt.sh/mozilla-disclosures#constrainedother? Or a new se

Re: How long to resolve unaudited unconstrained intermediates?

On 12/07/17 21:18, Ben Wilson wrote: > For CAs with emailProtection and proper name constraints, where would such > CAs appear in > https://crt.sh/mozilla-disclosures? > > https://crt.sh/mozilla-disclo

Re: How long to resolve unaudited unconstrained intermediates?

On Wed, Jul 12, 2017 at 12:12:13PM -0400, Ryan Sleevi wrote: > > Consider, for example, a client that does not support path discovery > (which, for example, includes most actively-deployed OpenSSL versions). If > one were to extract certdata.txt into trust and distrust records, with the > algorith

RE: How long to resolve unaudited unconstrained intermediates?

alf Of Nick Lamb via dev-security-policy Sent: Tuesday, July 11, 2017 7:57 AM To: mozilla-dev-security-pol...@lists.mozilla.org <mailto:mozilla-dev-security-pol...@lists.mozilla.org> Subject: Re: How long to resolve unaudited unconstrained intermediates? On Tuesday, 11 July 2017 10:56:43 UTC

Re: How long to resolve unaudited unconstrained intermediates?

On Wed, Jul 12, 2017 at 10:40 AM, Kurt Roeckx via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 2017-07-12 16:12, Ryan Sleevi wrote: > >> I don't know if this currently happens, but I would like to see all CA >>> certificates that are in OneCRL but are not revoked to be

Re: How long to resolve unaudited unconstrained intermediates?

On 2017-07-12 16:12, Ryan Sleevi wrote: I don't know if this currently happens, but I would like to see all CA certificates that are in OneCRL but are not revoked to be added to the root store as distrusted too. Why? I can share reasons why it might not be desirable, but rather than start out

Re: How long to resolve unaudited unconstrained intermediates?

On Wed, Jul 12, 2017 at 6:03 AM, Kurt Roeckx via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 2017-07-11 15:56, Nick Lamb wrote: > >> On Tuesday, 11 July 2017 10:56:43 UTC+1, Kurt Roeckx wrote:> >> >>> So at least some of them have been notified more than 3 months ago,

Re: How long to resolve unaudited unconstrained intermediates?

On 2017-07-11 15:56, Nick Lamb wrote: On Tuesday, 11 July 2017 10:56:43 UTC+1, Kurt Roeckx wrote:> So at least some of them have been notified more than 3 months ago, and a bug was filed a month later. I think you already gave them too much time to at least respond to it, and suggest that you s

Re: How long to resolve unaudited unconstrained intermediates?

-dev-security-pol...@lists.mozilla.org > Subject: Re: How long to resolve unaudited unconstrained intermediates? > > On Tuesday, 11 July 2017 10:56:43 UTC+1, Kurt Roeckx wrote:> > > So at least some of them have been notified more than 3 months ago, > > and a bug was filed a mo

RE: How long to resolve unaudited unconstrained intermediates?

ginal Message- From: dev-security-policy [mailto:dev-security-policy-bounces+ben=digicert@lists.mozilla.org] On Behalf Of Nick Lamb via dev-security-policy Sent: Tuesday, July 11, 2017 7:57 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: How long to resolve unau

Re: How long to resolve unaudited unconstrained intermediates?

On Tuesday, 11 July 2017 10:56:43 UTC+1, Kurt Roeckx wrote:> > So at least some of them have been notified more than 3 months ago, and > a bug was filed a month later. I think you already gave them too much > time to at least respond to it, and suggest that you sent a new email > indicating th

Re: How long to resolve unaudited unconstrained intermediates?

On 2017-07-10 18:35, Alex Gaynor wrote: Hi all, I wanted to call some attention to a few intermediates which have been hanging out in the "Audit required" section for quite a while: https://crt.sh/mozilla-disclosures#disclosureincomplete Specifically, the TurkTrust and Firmaprofesional ones. Bo