gt; Cc: Alex Cohn ; summern1...@gmail.com; mozilla-
> dev-security-policy@lists.mozilla.org; #SSL_ABUSE
>
> Subject: Re: localhost.megasyncloopback.mega.nz private key in client
>
> On Sun, 5 Aug 2018 15:23:42 -0500
> Alex Cohn via dev-security-policy
> wrote:
>
> >
018 10:26 AM
> To: r...@sleevi.com
> Cc: Alex Cohn ; mozilla-dev-security-
> pol...@lists.mozilla.org; ha...@hboeck.de; ssl_ab...@comodoca.com;
> summern1...@gmail.com
> Subject: RE: localhost.megasyncloopback.mega.nz private key in client
>
> Yup, it was Mozilla polic
:15 AM
To: Tim Hollebeek
Cc: Alex Cohn ; ha...@hboeck.de;
mozilla-dev-security-pol...@lists.mozilla.org; ssl_ab...@comodoca.com;
summern1...@gmail.com
Subject: Re: localhost.megasyncloopback.mega.nz private key in client
Unfortunately, that's not correct. The CA/Browser Forum has passed
: Re: localhost.megasyncloopback.mega.nz private key in client
On Thu, 9 Aug 2018 13:24:48 +
Jay Wilson via dev-security-policy
wrote:
> The certificate has been revoked.
> The bounce issue has been escalated to resolve.
Really?
$ ocspverify 630835231.crt
Response verify OK
6308352
On Thu, 9 Aug 2018 13:24:48 +
Jay Wilson via dev-security-policy
wrote:
> The certificate has been revoked.
> The bounce issue has been escalated to resolve.
Really?
$ ocspverify 630835231.crt
Response verify OK
630835231.crt: good
This Update: Aug 4 15:34:50 2018 GMT
gt; -Tim
> >
> > > -Original Message-
> > > From: dev-security-policy <
> dev-security-policy-boun...@lists.mozilla.org>
> > On
> > > Behalf Of Alex Cohn via dev-security-policy
> > > Sent: Wednesday, August 8, 2018 4:01 PM
> > > T
+Adding Robin Alden and Richard Smith
From: Ryan Sleevi
Sent: Thursday, August 09, 2018 8:15 AM
To: Tim Hollebeek
Cc: Alex Cohn ; ha...@hboeck.de;
mozilla-dev-security-pol...@lists.mozilla.org; #SSL_ABUSE
; summern1...@gmail.com
Subject: Re: localhost.megasyncloopback.mega.nz private key
: localhost.megasyncloopback.mega.nz private key in client
On Wed, Aug 8, 2018 at 9:17 AM Hanno Böck
mailto:ha...@hboeck.de>> wrote:
As of today this is still unrevoked:
https://crt.sh/?id=630835231=ocsp
Given Comodo's abuse contact was CCed in this mail I assume they knew
about this since Sunday. Thus we're way past
t; From: dev-security-policy
> On
> > Behalf Of Alex Cohn via dev-security-policy
> > Sent: Wednesday, August 8, 2018 4:01 PM
> > To: ha...@hboeck.de
> > Cc: mozilla-dev-security-pol...@lists.mozilla.org;
> ssl_ab...@comodoca.com;
> > summern1...@gmail.com
> > Su
curity-policy On
> Behalf Of Alex Cohn via dev-security-policy
> Sent: Wednesday, August 8, 2018 4:01 PM
> To: ha...@hboeck.de
> Cc: mozilla-dev-security-pol...@lists.mozilla.org; ssl_ab...@comodoca.com;
> summern1...@gmail.com
> Subject: Re: localhost.megasyncloopback.mega.
On Wed, Aug 8, 2018 at 9:17 AM Hanno Böck wrote:
>
> As of today this is still unrevoked:
> https://crt.sh/?id=630835231=ocsp
>
> Given Comodo's abuse contact was CCed in this mail I assume they knew
> about this since Sunday. Thus we're way past the 24 hour in which they
> should revoke it.
>
>
On Sun, 5 Aug 2018 15:23:42 -0500
Alex Cohn via dev-security-policy
wrote:
> The certificate [1] in the GitHub link you posted was issued by
> Comodo, not by GeoTrust. The two share a private key, though, so both
> the Comodo and GeoTrust certs should be considered compromised at
> this point.
The certificate [1] in the GitHub link you posted was issued by Comodo, not
by GeoTrust. The two share a private key, though, so both the Comodo and
GeoTrust certs should be considered compromised at this point. I've added
the Comodo-issued cert to several CT logs for tracking, and I'm CCing
Hello Ben,
Thanks for your fast response and help.
After a bit research I also found the source with the key:
https://github.com/meganz/MEGAsync/blob/master/src/MEGASync/control/Preferences.cpp
As it is public I think it should not be problem to post it here.
Best Regards
Norbert
Norbert,
I've tried to verify this with and without spaces in the msg.asc below. I
get "Signature Verification Failure". Please contact me off-list to provide
me clearer information related to your proof of private key possession.
Thanks,
Ben Wilson
-Original Message-
From:
15 matches
Mail list logo