On 11/11/16 15:43, Nick Lamb wrote:
> My review (based on what I saw posted to CA/B mailing lists)
> suggested
> that there isn't active patent uncertainty at all for some Ballot 169
> methods. I would welcome more information if you have some.
Well, if previous IPR disclosures are, in fact,
On 10/11/16 19:52, Robin Alden wrote:
> To avoid suggestions of weasel-words around the CA/B forum's struggle with
> their IP policy my understanding is that at least Microsoft, and I hope
> other browsers too, will incorporate the Ballot 169 wording into their
> policy regardless of whether the
On Thursday, 10 November 2016 19:53:25 UTC, Robin Alden wrote:
> I can't speak to your assumptions, but I concede that it is not explicit in
> the CPS.
>
> It is now documented at
> https://secure.comodo.com/api/pdf/latest/Domain%20Control%20Validation.pdf
> and in the knowledgebase article at:
Nick Lamb, on 02 October 2016 17:50, said..
> The first thing that jumps out at me from their report is that they mistake .sb
> for a gTLD when it is actually a ccTLD.
That was a mistake in writing the report.
The point is that it is a TLD.
> The second thing obviously is that they do have
Eric Mill, on 03 October 2016 03:14, said..
> On Sun, Oct 2, 2016 at 9:23 PM, Nick Lamb wrote:
> > On Sunday, 2 October 2016 20:53:15 UTC+1, Peter Bowen wrote:
> > > There is some good news. The CA/Browser Forum has already addressed
> > > this, even prior to the current
On 04/10/16 14:19, Nick Lamb wrote:
> That's why I proposed Mozilla might like to write this to CA/B or in
> a group CA communication, because I would be astonished if WoSign and
> Comodo are the only CAs to have such special "rules" that defeat the
> purpose of the validation step, or if this is
On Tuesday, 4 October 2016 12:21:47 UTC+1, Rob Stradling wrote:
> When we are required (by CABForum and/or root program requirements) to
> do , we will of course undertake to do .
>
> There are lots of s that we are already required to do. We
> haven't tended to issue a separate announcement
On 03/10/16 02:23, Nick Lamb wrote:
> Comodo's document never actually says that they're abolishing this "rule" as
> a result of Ballot 169. It lets you choose to draw that implication, by
> specifying that their current practices pre-date Ballot 169's changes, but it
> never says as much.
On 02/10/16 17:49, Nick Lamb wrote:
> On Sunday, 2 October 2016 11:11:34 UTC+1, Patrick Figel wrote:
>> https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg04274.html
>
> Thanks, I too could not find this in Google Groups. That is a little
> concerning as I had assumed this
-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla.org] On Behalf Of Man Ho (Certizen)
Sent: Monday, October 3, 2016 2:55 AM
To: Peter Bowen <pzbo...@gmail.com>
Cc: mozilla-dev-security-pol...@lists.mozilla.org
<dev-security-policy@lists.mozilla.org>
Subject: Re: C
On 10/3/2016 11:50 AM, Peter Bowen wrote:
> 3.2.2.4.4, 3.2.2.4.6, 3.2.2.4.9, and 3.2.2.4.10 all use the newly
> defined "Authorization Domain Name", which should avoid this in the
> future.
Thank you for pointing me to those sections, but my confusion may be
starting from the definition of
You are correct, I was not clear.
3.2.2.4.4, 3.2.2.4.6, 3.2.2.4.9, and 3.2.2.4.10 all use the newly
defined "Authorization Domain Name", which should avoid this in the
future.
3.2.2.4.7 is actually the outlier, in that it allows _
(underscore + some label) prefixed to the name being validated.
Peter,
I'm confused why only the section 3.2.2.4.7 specifically addresses this
concern, and how. If only it does, would it imply that a CA must use
this method of section 3.2.2.4.7 to validate a Base Domain Name, which
happened to be an Authorization Domain Name requested by the applicant?
On Sun, Oct 2, 2016 at 9:23 PM, Nick Lamb wrote:
> On Sunday, 2 October 2016 20:53:15 UTC+1, Peter Bowen wrote:
> > There is some good news. The CA/Browser Forum has already addressed
> > this, even prior to the current discussions. Ballot 169
> >
On Sun, Oct 2, 2016 at 6:23 PM, Nick Lamb wrote:
> On Sunday, 2 October 2016 20:53:15 UTC+1, Peter Bowen wrote:
>
>> Under the new rules, which should be in
>> effect as of 1 March 2017, validating www. will not be a valid
>> method of showing control of . The name is true
On Sunday, 2 October 2016 20:53:15 UTC+1, Peter Bowen wrote:
> There is some good news. The CA/Browser Forum has already addressed
> this, even prior to the current discussions. Ballot 169
> (https://cabforum.org/2016/08/05/ballot-169-revised-validation-requirements/)
> revises 3.2.2.4
On Sun, Oct 2, 2016 at 9:49 AM, Nick Lamb wrote:
>
> The second thing obviously is that they do have exactly the "rule" Richard
> Wang described, and they believe this was justified under the BRs old 3.2.2.4
> method 7 (which isn't a method at all, it's basically a
On Sunday, 2 October 2016 11:11:34 UTC+1, Patrick Figel wrote:
> https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg04274.html
Thanks, I too could not find this in Google Groups. That is a little concerning
as I had assumed this was the authoritative source, since it's linked
On 02/10/16 12:01, Jason Milionis wrote:
> Still no response from COMODO CA, that's interesting, but why?
They published an incident report a couple of days ago. For some reason,
it's not visible in the Google Groups archive of m.d.s.p (at least for
me). Here's an alternative link:
On Saturday, September 24, 2016 at 7:07:39 AM UTC+8, Showfom wrote:
> First, let me introduce myself, I'm a famous investor of ccTLD domains from
> China.
>
> Recently we get an easy-remember domain www.sb, please note the extension is
> .sb
>
> I ordered a Comodo Positive SSL for this domain,
On Sunday, September 25, 2016 at 6:24:11 AM UTC+8, Percy wrote:
> Ha! @Showfom perhaps you should try getting a wildcard cert from them and
> consequently obtain a cert for all *.sb domains.
I tried to get cert from StartSSL, they will only issue www.sb or www.www.sb,
that's good.
On Sunday, September 25, 2016 at 6:14:06 PM UTC-7, Richard Wang wrote:
> This rule is ok for more case, but for this case, it is wrong.
This rule is NEVER ok. Please re-read the BRs to understand why.
> There is another bug that it means Comodo don't have the gTLD blocking system
> that
' <pzbo...@gmail.com>; 'Nick Lamb' <tialara...@gmail.com>
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: RE: Comodo issued a certificate for an extension
Hi All,
We did receive a direct report of the problem yesterday (24th
September) from a Mozilla rep., thank
Of Peter Bowen
> Sent: 25 September 2016 17:37
> To: Nick Lamb <tialara...@gmail.com>
> Cc: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Comodo issued a certificate for an extension
>
> On Sun, Sep 25, 2016 at 9:19 AM, Nick Lamb <tialara...@gmail.com>
On Sun, Sep 25, 2016 at 9:19 AM, Nick Lamb wrote:
> On Sunday, 25 September 2016 15:35:07 UTC+1, mono...@gmail.com wrote:
>> am I the only one who a) thinks this is slightly problematic and b) is
>> surprised that the cert still isn't revoked?
>
> I don't know enough about
On Sunday, 25 September 2016 15:35:07 UTC+1, mono...@gmail.com wrote:
> am I the only one who a) thinks this is slightly problematic and b) is
> surprised that the cert still isn't revoked?
I don't know enough about the .sb ccTLD to be clear how problematic the
described scenario is. I would
am I the only one who a) thinks this is slightly problematic and b) is
surprised that the cert still isn't revoked?
Cheers,
mono
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
Ha! @Showfom perhaps you should try getting a wildcard cert from them and
consequently obtain a cert for all *.sb domains.
The affected cert has been logged here: https://crt.sh/?id=34242572
On 24.09.2016 at 02:33, Richard Wang wrote:
> First, I must make declaration that I don't know "Showfom", and I don't know
> if he/she is a WoSign customer.
>
> As I said in my final statement that I wish all Mozilla trusted
First, I must make declaration that I don't know "Showfom", and I don't know if
he/she is a WoSign customer.
As I said in my final statement that I wish all Mozilla trusted CA can post
their issued certificate to CT log server for full transparency, I am sure not
WoSign mis-issued certificate
First, I must make declaration that I don't know "Showfom", and I don't know if
he/she is a WoSign customer.
As I said in my final statement that I wish all Mozilla trusted CA can post
their issued certificate to CT log server for full trenchancy, I am sure not
WoSign mis-issued certificate,