This discussion has covered a lot of ground. Here are my comments:
1. Nazwa is not independently audited, nor are they a member of the Mozilla
root program. I am also unable to locate any information that makes Nazwa
an Affiliate of Certum. I believe they are simply a Certum reseller. In
this
with the browser and public
From: Ryan Sleevi
Sent: Saturday, July 28, 2018 8:25 PM
To: Jeremy Rowley
Cc: Jakob Bohm ; Tim Hollebeek
; mozilla-dev-security-pol...@lists.mozilla.org;
r...@sleevi.com
Subject: Re: Possible violation of CAA by nazwa.pl
On Sat, Jul 28, 2018 at 2:17 PM Jeremy
On 27/07/2018 08:46, Jakob Bohm wrote:
On 26/07/2018 23:04, Matthew Hardeman wrote:
On Thu, Jul 26, 2018 at 2:23 PM, Tom Delmas via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
The party actually running the authoritative DNS servers is in control
of the domain.
I'm
018 8:01 PM
> To: Tim Hollebeek
> Cc: mozilla-dev-security-pol...@lists.mozilla.org; Jakob Bohm <
> jb-mozi...@wisemo.com>
> Subject: Re: Possible violation of CAA by nazwa.pl
>
> I disagree that a series of categories is good or helpful to the community.
>
> I thin
-security-policy
On
Behalf Of Ryan Sleevi via dev-security-policy
Sent: Friday, July 27, 2018 8:01 PM
To: Tim Hollebeek
Cc: mozilla-dev-security-pol...@lists.mozilla.org; Jakob Bohm
Subject: Re: Possible violation of CAA by nazwa.pl
I disagree that a series of categories is good or helpful
um.
>
> -Tim
>
> > -Original Message-
> > From: dev-security-policy > bounces+tim.hollebeek=digicert@lists.mozilla.org> On Behalf Of Jakob
> > Bohm via dev-security-policy
> > Sent: Friday, July 27, 2018 2:46 AM
> > To: mozilla-dev-security-po
.
-Tim
> -Original Message-
> From: dev-security-policy bounces+tim.hollebeek=digicert@lists.mozilla.org> On Behalf Of Jakob
> Bohm via dev-security-policy
> Sent: Friday, July 27, 2018 2:46 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Poss
Thanks Jakob, I think you summed things up well.
-tom
On 27 July 2018 at 01:46, Jakob Bohm via dev-security-policy
wrote:
> On 26/07/2018 23:04, Matthew Hardeman wrote:
>>
>> On Thu, Jul 26, 2018 at 2:23 PM, Tom Delmas via dev-security-policy <
>> dev-security-policy@lists.mozilla.org> wrote:
On 26/07/2018 23:04, Matthew Hardeman wrote:
On Thu, Jul 26, 2018 at 2:23 PM, Tom Delmas via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
The party actually running the authoritative DNS servers is in control
of the domain.
I'm not sure I agree. They can control the
On Thu, Jul 26, 2018 at 2:23 PM, Tom Delmas via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> > The party actually running the authoritative DNS servers is in control
> of the domain.
>
> I'm not sure I agree. They can control the domain, but they are supposed
> to be
> The party actually running the authoritative DNS servers is in
control of the domain.
I'm not sure I agree. They can control the domain, but they are supposed
to be subordinate of the domain owner. If they did something without the
owner consent/approval, it really looks like a domain
I think the whole point of domain validation certificates is taking the
human part out of it and verifying technical control of the domain as the
standard upon which to base issuance.
Since the CA is also the DNS server, it's more or less a given that they
certainly can or would successfully
On Wednesday, 25 July 2018 21:08:59 UTC, michel.le...@gmail.com wrote:
> Hello,
>
> My domain registrar who is also a certificate authority just issued a
> precertificate (visible in CT logs) and a valid
> certificate for my domain. This is part of their new offer to automatically
> offer free
W dniu 25.07.2018 o 23:21, Quirin Scheitle via dev-security-policy pisze:
Hi Michel,
On 23. Jul 2018, at 22:36, michel.lebihan2000--- via dev-security-policy
wrote:
I think my domain registrar just violated my CAA by issuing that
certificate. Where they allowed to issue this certificate?
Yes, I thought there was an exemption for that also.
The A-DNS operator could always just momentarily change the records to
authorize anyway, so why bother with the check?
On Wed, Jul 25, 2018 at 4:21 PM, Quirin Scheitle via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
Hi Michel,
> On 23. Jul 2018, at 22:36, michel.lebihan2000--- via dev-security-policy
> wrote:
>
> I think my domain registrar just violated my CAA by issuing that
> certificate. Where they allowed to issue this certificate?
the name servers for lebihan.pl are ns[1-3].nazwa.pl. , which
16 matches
Mail list logo