Re: ssl.com: Certificate with Debian weak key

2020-03-16 Thread Matt Palmer via dev-security-policy
On Mon, Mar 16, 2020 at 12:11:57PM -0700, Chris Kemmerer via dev-security-policy wrote: > On Wednesday, March 11, 2020 at 5:41:00 PM UTC-5, Matt Palmer wrote: > > On Wed, Mar 11, 2020 at 10:46:05AM -0700, Chris Kemmerer via > > dev-security-policy wrote: > > > On Tuesday, March 10, 2020 at

Re: ssl.com: Certificate with Debian weak key

2020-03-16 Thread Chris Kemmerer via dev-security-policy
On Monday, March 16, 2020 at 2:46:46 PM UTC-5, Ryan Sleevi wrote: > On Mon, Mar 16, 2020 at 3:12 PM Chris Kemmerer via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > > It would appear that SSL.com is a member in good standing of the CA/B > > Forum. > > > Is there any

Re: ssl.com: Certificate with Debian weak key

2020-03-16 Thread Ryan Sleevi via dev-security-policy
On Mon, Mar 16, 2020 at 3:12 PM Chris Kemmerer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > It would appear that SSL.com is a member in good standing of the CA/B > Forum. > > Is there any intention on the part of SSL.com to propose this change as a > > ballot?

Re: ssl.com: Certificate with Debian weak key

2020-03-16 Thread Chris Kemmerer via dev-security-policy
On Wednesday, March 11, 2020 at 5:41:00 PM UTC-5, Matt Palmer wrote: > On Wed, Mar 11, 2020 at 10:46:05AM -0700, Chris Kemmerer via > dev-security-policy wrote: > > On Tuesday, March 10, 2020 at 8:44:49 PM UTC-5, Matt Palmer wrote: > > > On Tue, Mar 10, 2020 at 01:48:49PM -0700, Chris Kemmerer

Re: ssl.com: Certificate with Debian weak key

2020-03-11 Thread Matt Palmer via dev-security-policy
On Wed, Mar 11, 2020 at 10:46:05AM -0700, Chris Kemmerer via dev-security-policy wrote: > On Tuesday, March 10, 2020 at 8:44:49 PM UTC-5, Matt Palmer wrote: > > On Tue, Mar 10, 2020 at 01:48:49PM -0700, Chris Kemmerer via > > dev-security-policy wrote: > > > For the purpose of identifying

Re: ssl.com: Certificate with Debian weak key

2020-03-11 Thread Chris Kemmerer via dev-security-policy
We regret your impression that we take this issue with anything less than the utmost seriousness. We have opened a ticket and are actively working with our CA software vendor to address the underlying issue. Rather than stopping there, we have been working concurrently to put into place the

Re: ssl.com: Certificate with Debian weak key

2020-03-11 Thread Ryan Sleevi via dev-security-policy
On Wed, Mar 11, 2020 at 1:46 PM Chris Kemmerer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > You are correct, each compliance violation is considered an incident. > However in our opinion we have not violated our CP/CPS or the current > Baseline Requirements. Although

Re: ssl.com: Certificate with Debian weak key

2020-03-11 Thread Chris Kemmerer via dev-security-policy
On Tuesday, March 10, 2020 at 8:44:49 PM UTC-5, Matt Palmer wrote: > On Tue, Mar 10, 2020 at 01:48:49PM -0700, Chris Kemmerer via > dev-security-policy wrote: > > We have updated https://bugzilla.mozilla.org/show_bug.cgi?id=1620772 with > > the findings of our current investigation. > > Thanks

Re: ssl.com: Certificate with Debian weak key

2020-03-10 Thread Matt Palmer via dev-security-policy
On Tue, Mar 10, 2020 at 01:48:49PM -0700, Chris Kemmerer via dev-security-policy wrote: > We have updated https://bugzilla.mozilla.org/show_bug.cgi?id=1620772 with > the findings of our current investigation. Thanks for this update. I have... comments. Before I get into the nitty-gritty,

Re: ssl.com: Certificate with Debian weak key

2020-03-10 Thread Chris Kemmerer via dev-security-policy
We have updated https://bugzilla.mozilla.org/show_bug.cgi?id=1620772 with the findings of our current investigation. We believe all issues raised in this thread are addressed in this update. Our investigation is ongoing and we welcome any positive input by the community as an opportunity to

Re: ssl.com: Certificate with Debian weak key

2020-03-09 Thread Nick Lamb via dev-security-policy
On Sun, 8 Mar 2020 10:57:49 +1100 Matt Palmer via dev-security-policy wrote: > > The fingerprint of the claimed Debian weak key was not included in > > our database. > I think it's worth determining exactly where SSL.com obtained their > fingerprint database of weak keys. The private key in

Re: ssl.com: Certificate with Debian weak key

2020-03-09 Thread Rob Stradling via dev-security-policy
On 07/03/2020 23:57, Matt Palmer via dev-security-policy wrote: As further independent confirmation, the crt.sh page for the certificate shows that crt.sh *also* identifies the certificate as having a Debian weak key. My understanding is that crt.sh uses a database of keys that was
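The two messages above turn on how a "fingerprint database of weak keys" is built and consulted. The script below is an added example (not from this thread, and not the code SSL.com or crt.sh use; the thread does not say what database either of them consulted). It assumes the convention of Debian's openssl-blacklist package as I understand it: each blocklist entry is the last 20 hex digits of SHA-1 over the exact text that `openssl x509 -noout -modulus` prints ("Modulus=<UPPERCASE HEX>" plus newline), and the real lists live at /usr/share/openssl-blacklist/blacklist.RSA-<bits> on Debian. The moduli and the blocklist in the demo are constructed for the example and are not real or known-weak keys.

```python
"""Check an RSA modulus against a Debian weak-key blocklist (CVE-2008-0166).

Added example, not code from the mailing-list thread.  Assumed format (the
openssl-blacklist convention): SHA-1 over "Modulus=<UPPERCASE HEX>\n", keep the
last 20 hex digits.  Demo moduli and blocklist below are constructed.
"""
import hashlib
import re
import sys

# Case-insensitive so a pasted/lowercased line still parses; we canonicalise
# to the uppercase form OpenSSL prints before hashing.
_MODULUS_LINE = re.compile(r"^Modulus=([0-9A-Fa-f]+)\s*$", re.IGNORECASE)


def modulus_line_from_int(n: int) -> str:
    """Format an integer modulus the way `openssl x509 -noout -modulus` does.

    OpenSSL's BN_bn2hex emits whole bytes, so pad to an even number of hex
    digits rather than using f"{n:X}", which would drop a leading zero nibble.
    """
    if n <= 0:
        raise ValueError("modulus must be a positive integer")
    hexdigits = n.to_bytes((n.bit_length() + 7) // 8, "big").hex().upper()
    return f"Modulus={hexdigits}\n"


def weak_key_fingerprint(modulus_line: str) -> str:
    """Return the 20-hex-digit blocklist fingerprint for one Modulus= line."""
    m = _MODULUS_LINE.match(modulus_line.strip())
    if not m:
        raise ValueError("expected a line of the form Modulus=<hex>")
    canonical = f"Modulus={m.group(1).upper()}\n".encode("ascii")
    # SHA-1 hex digest is 40 chars; the blocklist keeps the last 80 bits.
    return hashlib.sha1(canonical).hexdigest()[20:]


def load_blocklist(lines) -> set:
    """Parse blocklist text: one 20-hex-digit entry per line, '#' starts a comment."""
    entries = set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip().lower()
        if not entry:
            continue
        if not re.fullmatch(r"[0-9a-f]{20}", entry):
            raise ValueError(f"bad blocklist entry: {entry!r}")
        entries.add(entry)
    return entries


def is_debian_weak(modulus_line: str, blocklist: set) -> bool:
    """True if the key's fingerprint appears in the loaded blocklist."""
    return weak_key_fingerprint(modulus_line) in blocklist


# Constructed demo data (assumption: not real RSA moduli, not genuinely weak).
# The demo blocklist is seeded with the first modulus' fingerprint to show a hit.
DEMO_WEAK_MODULUS = (1 << 2047) | 0xC0FFEF
DEMO_OK_MODULUS = (1 << 2047) | 0xDEADBEEF
DEMO_BLOCKLIST = load_blocklist([
    "# constructed demo blocklist; real lists are much larger",
    weak_key_fingerprint(modulus_line_from_int(DEMO_WEAK_MODULUS)),
])


def main(argv):
    """Usage: openssl x509 -noout -modulus -in cert.pem | python3 weakcheck.py BLOCKLIST_FILE"""
    if len(argv) != 2:
        sys.exit(main.__doc__)
    with open(argv[1]) as fh:
        blocklist = load_blocklist(fh)
    for line in sys.stdin:
        if not line.lower().startswith("modulus="):
            continue  # ignore anything that is not a modulus line
        fp = weak_key_fingerprint(line)
        verdict = "WEAK (Debian CVE-2008-0166 blocklist hit)" if fp in blocklist else "not in blocklist"
        print(f"{fp}  {verdict}")


if __name__ == "__main__":
    main(sys.argv)
```

Note the caveat that the thread itself raises: a check is only as good as the list it consults. The fingerprint is derived from the modulus alone, so any key generated by the affected Debian OpenSSL is covered whatever the certificate around it looks like, but a list that is incomplete for the key size or architecture in question will still let that key through.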

Re: ssl.com: Certificate with Debian weak key

2020-03-07 Thread Matt Palmer via dev-security-policy
On Sat, Mar 07, 2020 at 09:07:11AM -0500, Ryan Sleevi wrote: > Thanks. I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1620772 I'll give points to SSL.com for a speedy initial response, but I'm a bit disconcerted about this: > The fingerprint of the claimed Debian weak key was not included

Re: ssl.com: Certificate with Debian weak key

2020-03-07 Thread Ryan Sleevi via dev-security-policy
Thanks. I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1620772 On Fri, Mar 6, 2020 at 9:48 PM Matt Palmer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > (Pre) Certificate https://crt.sh/?id=2531502044 has been issued with a > known > weak key, specifically