On 16/12/16 17:55, Nick Lamb wrote:
> So here we are, three months later, First Data are back, as predicted, asking
> for another "exception".
Those reading the CAB Forum list will note that Mozilla has declined to
grant an additional exception.
Gerv
By the way Gerv, in your flurry of posts to CA/B Forum public you comment
"If I were going to calculate a SHA-1 collision, the certificate of a
machine handling tens or hundreds of thousands of credit cards a day
would be a reasonably obvious target, ISTM."
This would need a second pre-image
On 06/10/16 06:46, Peter Bowen wrote:
> I think we can all look back with 20/20 hindsight and say that device
> vendors should not use the same roots as browsers and that maybe CAs
> should have created "SHA-1 forever" roots for devices that never plan
> to update, but that is great hindsight. We
On 06/10/16 15:22, Jakob Bohm wrote:
> Good, now communicate it.
Companies should be talking to their CAs, who will offer this service if
they have it.
Gerv
On 06/10/2016 15:58, Gervase Markham wrote:
On 06/10/16 12:38, Jakob Bohm wrote:
Which is why I have repeatedly suggested that maybe the rules should be
changed to promote/demote some of the historic SHA-1 root certs into
"SHA-1 forever" roots that can service older devices and browsers, even
On 06/10/16 12:38, Jakob Bohm wrote:
> Which is why I have repeatedly suggested that maybe the rules should be
> changed to promote/demote some of the historic SHA-1 root certs into
> "SHA-1 forever" roots that can service older devices and browsers, even
> for regular websites concerned about
On 06/10/2016 07:46, Peter Bowen wrote:
On Wed, Oct 5, 2016 at 10:02 PM, Michael Ströder wrote:
Dean Coclin wrote:
First Data's customers don't use browsers so Firefox can disable SHA-1 tomorrow
and not affect them.
So why have your CA certificate trusted in
On Thu, Oct 06, 2016 at 08:22:20AM +0200, Hanno Böck wrote:
> On Wed, 5 Oct 2016 22:46:24 -0700
> Peter Bowen wrote:
>
> > I think we can all look back with 20/20 hindsight and say that device
> > vendors should not use the same roots as browsers and that maybe CAs
> > should
On Wed, 5 Oct 2016 22:46:24 -0700
Peter Bowen wrote:
> I think we can all look back with 20/20 hindsight and say that device
> vendors should not use the same roots as browsers and that maybe CAs
> should have created "SHA-1 forever" roots for devices that never plan
> to
On Wed, Oct 5, 2016 at 10:02 PM, Michael Ströder wrote:
> Dean Coclin wrote:
>> First Data's customers don't use browsers so Firefox can disable SHA-1
>> tomorrow
>> and not affect them.
>
> So why have your CA certificate trusted in Firefox's cert DB?
>
>> First Data
Dean Coclin wrote:
> First Data's customers don't use browsers so Firefox can disable SHA-1
> tomorrow
> and not affect them.
So why have your CA certificate trusted in Firefox's cert DB?
> First Data has asked for a reasonable extension which doesn't affect browsers.
If it does not "affect
Nick, First Data's customers don't use browsers so Firefox can disable SHA-1 tomorrow and not affect them. Remember, many of these "customers" are small businesses or non-profits. I think about places like a private school or church that whip out the terminal when it's time for the festival or
We had a thread about the TSYS application but not for First Data.
Unlike with TSYS I don't see anything here that leaps out as problematic in the
to-be-signed certificates but I do think the moral hazard problem is larger
here than with TSYS and anyway bears revisiting.
First Data say they