Hi Blake,
On 21/04/17 16:55, blake.mor...@trustis.com wrote:
> Following further discussion with, and guidance from Mozilla, it has
> been determined that the getset.trustis.com certificate issued in
> November 2016 was a mis-issuance. This incident has highlighted an
> ambiguity arising from
On Thursday, March 16, 2017 at 11:00:51 AM UTC, Gervase Markham wrote:
> Hi Blake,
>
> On 02/03/17 16:26, blake morgan wrote:
> > We have engaged with our external auditors in relation to this and the
> > previous certificate that was reported. Once that activity has concluded we
> > will be
On 12/04/17 21:39, uri...@gmail.com wrote:
> Is there an expectation of a resolution of some sort to this matter?
> Also, their most recent audit is apparently overdue (perhaps related to the
> SHA-1 mis-issuance?)
>
>
Is there an expectation of a resolution of some sort to this matter?
Also, their most recent audit is apparently overdue (perhaps related to the
SHA-1 mis-issuance?)
https://groups.google.com/d/msg/mozilla.dev.security.policy/IjgFwzGI_H0/-689uFoXBwAJ
On Thursday, March 16, 2017 at 7:00:51 AM
Hi Blake,
On 02/03/17 16:26, blake.mor...@trustis.com wrote:
> We have engaged with our external auditors in relation to this and the
> previous certificate that was reported. Once that activity has concluded we
> will be providing further information.
Do you have an ETA for this incident
On Friday, February 24, 2017 at 11:25:22 PM UTC, Gervase Markham wrote:
> On 24/02/17 08:25, Andrew Ayer wrote:
> > Below is an unrevoked SHA-1 serverAuth certificate for
> > getset.trustis.com issued from this CA with a Not Before date of
> > 2016-11-07.
>
> Blake: you wrote: "As part of the
On 24/02/17 07:08, blake.mor...@trustis.com wrote:
> Certificates for the HMRC SET Service are issued from the SHA-1 “FPS
> TT Issuing Authority”, which is now only used for this service. The
> replacement server certificate for hmrcset.trustis.com was issued
> from the FPS TT IA, via a manual
On Fri, 24 Feb 2017 07:08:54 -0800 (PST)
"blake.morgan--- via dev-security-policy"
wrote:
> Trustis has some time ago, migrated all TLS certificate production to
> SHA-256 Issuing Authorities. The small number of previously issued
> SHA-1 TLS certificates
On Monday, February 20, 2017 at 11:50:59 AM UTC, Gervase Markham wrote:
> On 16/02/17 18:26, blake.mor...@trustis.com wrote:
> > Trustis has now revoked the SHA-1 Certificate for hmrcset.trustis.com
> > and replaced it with a SHA-256 Certificate. This status is reflected
> > in the latest CRL.
>
On 16/02/17 18:26, blake.mor...@trustis.com wrote:
> Trustis has now revoked the SHA-1 Certificate for hmrcset.trustis.com
> and replaced it with a SHA-256 Certificate. This status is reflected
> in the latest CRL.
Hi Blake,
We are pleased to hear that, but the detail of your report compares
On Thu, Feb 16, 2017 at 8:26 PM, blake.morgan--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
>
> Trustis has now revoked the SHA-1 Certificate for hmrcset.trustis.com and
> replaced it with a SHA-256 Certificate. This status is reflected in the
> latest CRL.
>
On Wednesday, February 15, 2017 at 10:02:50 PM UTC, Rob Stradling wrote:
> This currently unrevoked cert has a SHA-1/RSA signature, the serverAuth
> EKU and CN=hmrcset.trustis.com:
> https://crt.sh/?id=50773741=cablint
>
> It lacks the SAN extension, but that doesn't excuse it from the ban on
>
Check the SSL Labs test:
https://www.ssllabs.com/ssltest/analyze.html?d=hmrcset.trustis.com, rate F that
even enabled SSL v2.
Best Regards,
Richard
On 16 Feb 2017, at 19:04, Nick Lamb via dev-security-policy
On Wednesday, 15 February 2017 22:02:50 UTC, Rob Stradling wrote:
> This currently unrevoked cert has a SHA-1/RSA signature, the serverAuth
> EKU and CN=hmrcset.trustis.com:
> https://crt.sh/?id=50773741=cablint
>
> It lacks the SAN extension, but that doesn't excuse it from the ban on
>
This currently unrevoked cert has a SHA-1/RSA signature, the serverAuth
EKU and CN=hmrcset.trustis.com:
https://crt.sh/?id=50773741=cablint
It lacks the SAN extension, but that doesn't excuse it from the ban on
SHA-1!
Its issuer is trusted for serverAuth by Mozilla:
15 matches
Mail list logo