Kyle,
It is one thing to say NSS doesn't let you have multiple certificates with the
same issuer and serial, which is factually true, but it's another to suggest
this means it pins as you described, which is incorrect speculation.
I appreciate your attention to detail citing X.509, but let's
On 9/4/2016 02:04, Eddy Nigg wrote:
> On 09/02/2016 07:02 PM, Nick Lamb wrote:
>> On Friday, 2 September 2016 08:50:02 UTC+1, Eddy Nigg wrote:
>>> Let's speak about relying parties - how does this bug affect you?
>> As a relying party I am entitled to assume that there is no more than
>> one
On Sun, Sep 04, 2016 at 12:04:21PM +0300, Eddy Nigg wrote:
> On 09/02/2016 07:02 PM, Nick Lamb wrote:
> > On Friday, 2 September 2016 08:50:02 UTC+1, Eddy Nigg wrote:
> > > Let's speak about relying parties - how does this bug affect you?
> > As a relying party I am entitled to assume that there
On 09/02/2016 07:02 PM, Nick Lamb wrote:
On Friday, 2 September 2016 08:50:02 UTC+1, Eddy Nigg wrote:
Let's speak about relying parties - how does this bug affect you?
As a relying party I am entitled to assume that there is no more than one
certificate signed by a particular issuer with a
On Friday, 2 September 2016 08:50:02 UTC+1, Eddy Nigg wrote:
> Let's speak about relying parties - how does this bug affect you?
As a relying party I am entitled to assume that there is no more than one
certificate signed by a particular issuer with a certain serial number. If I
have seen this
On 09/02/2016 09:38 AM, Jakob Bohm wrote:
4. Violations that are purely technical but cannot actually endanger
relying parties (such as issuing non-unique certificates to the correct
entities, or issuing certificates with too early expiry dates). This
would be the case with the StartCom serial
On 09/01/2016 11:52 AM, Nick Lamb wrote:
On Thursday, 1 September 2016 08:54:16 UTC+1, Eddy Nigg wrote:
Not so, rather according to my assessment, the cost and everything it
entailed (including other risks) to fix that particular issue outweighed
the benefits for having it fixed within a
On 01/09/2016 10:52, Nick Lamb wrote:
On Thursday, 1 September 2016 08:54:16 UTC+1, Eddy Nigg wrote:
Not so, rather according to my assessment, the cost and everything it
entailed (including other risks) to fix that particular issue outweighed
the benefits for having it fixed within a
The ballot on this started today
> On Sep 1, 2016, at 7:21 AM, Kurt Roeckx wrote:
>
>> On 2016-09-01 14:21, Matt Palmer wrote:
>>> On Thu, Sep 01, 2016 at 10:53:36AM +0300, Eddy Nigg wrote:
On 09/01/2016 04:20 AM, Matt Palmer wrote:
You were knowingly violating a MUST
On 2016-09-01 14:21, Matt Palmer wrote:
On Thu, Sep 01, 2016 at 10:53:36AM +0300, Eddy Nigg wrote:
On 09/01/2016 04:20 AM, Matt Palmer wrote:
You were knowingly violating a MUST provision of RFC5280.
From experience there have been many RFC violations, sometimes even
knowingly and
On Wednesday, 31 August 2016 17:57:41 UTC+1, Eddy Nigg wrote:
> On 08/31/2016 03:19 PM, Matt Palmer wrote:
> > That bug appears to pre-date *all* of the certificates listed above.
> > Further, the last communication on that bug (2014-09-22), from Eddy
> > Nigg (of StartCom), said:
> >> It's a
On Thursday, 1 September 2016 08:54:16 UTC+1, Eddy Nigg wrote:
> Not so, rather according to my assessment, the cost and everything it
> entailed (including other risks) to fix that particular issue outweighed
> the benefits for having it fixed within a time-frame shorter than that.
It seems
On 09/01/2016 04:20 AM, Matt Palmer wrote:
That sounds an awful lot like "we can't fix our own systems", which is
a... terrifying thought.
Not so, rather according to my assessment, the cost and everything it
entailed (including other risks) to fix that particular issue outweighed
the
On Wed, Aug 31, 2016 at 07:57:02PM +0300, Eddy Nigg wrote:
> On 08/31/2016 03:19 PM, Matt Palmer wrote:
> >That bug appears to pre-date *all* of the certificates listed above.
> >Further, the last communication on that bug (2014-09-22), from Eddy Nigg
> >(of StartCom), said:
> >>It's a hard and
On Wed, Aug 31, 2016 at 09:29:20AM +0200, Kurt Roeckx wrote:
> On 2016-08-31 04:56, Peter Bowen wrote:
> >In reviewing the Certificate Transparency logs, I noticed the StartCom
> >has issued multiple certificates with identical serial numbers and
> >identical issuer names.
> >
>
On 2016-08-31 04:56, Peter Bowen wrote:
In reviewing the Certificate Transparency logs, I noticed the StartCom
has issued multiple certificates with identical serial numbers and
identical issuer names.
https://crt.sh/?serial=14DCA8 (2014-12-07)
https://crt.sh/?serial=04FF5D653668DB (2015-01-05)
On 08/31/2016 05:56 AM, Peter Bowen wrote:
In reviewing the Certificate Transparency logs, I noticed the StartCom
has issued multiple certificates with identical serial numbers and
identical issuer names.
https://crt.sh/?serial=14DCA8 (2014-12-07)
https://crt.sh/?serial=04FF5D653668DB
In reviewing the Certificate Transparency logs, I noticed the StartCom
has issued multiple certificates with identical serial numbers and
identical issuer names.
https://crt.sh/?serial=14DCA8 (2014-12-07)
https://crt.sh/?serial=04FF5D653668DB (2015-01-05)
https://crt.sh/?serial=052D14BA553ED0
18 matches