; Matthew Hardeman <mharde...@gmail.com>;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: StartCom issuing bogus certificates
Hi Inigo,
You mentioned there would be a report attached but I believe you forgot to send
it?
Can you upload the report and provide a URL?
dev-security-policy-bounces+inigo=startcomca@lists.mozilla.org
> ]
> On Behalf Of Gervase Markham via dev-security-policy
> Sent: Thursday, 1 June 2017 10:27
> To: Yuhong Bao <yuhongbao_...@hotmail.com>; Eric Mill <e...@konklone.com>;
> Jeremy Rowley <jeremy.
.@roeckx.be>; Matthew Hardeman <mharde...@gmail.com>
Subject: Re: StartCom issuing bogus certificates
On 01/06/17 01:48, Yuhong Bao wrote:
> I don't think there is anything important on example.com though
How would you like it if a CA decided there was nothing important on
your website and so decided it was OK to misissue certificates for it?
This requirement is a positive requirement ("must
ll <e...@konklone.com>
> Sent: Wednesday, May 31, 2017 4:34:20 PM
> To: Jeremy Rowley
> Cc: Kurt Roeckx; Yuhong Bao; mozilla-dev-security-pol...@lists.mozilla.org;
> Matthew Hardeman
> Subject: Re: StartCom issuing bogus certificates
>
> It's absolutely not harmless to us
rdeman
Subject: Re: StartCom issuing bogus certificates
It's absolutely not harmless to use example.com to test
certificate issuance. People visit example.com all the
time, given its role. An unauthorized certificate for
example.com<http://e
+jeremy.rowley=digicert.com@lists.mozilla
.org] On Behalf Of Kurt Roeckx via dev-security-policy
Sent: Wednesday, May 31, 2017 11:55 AM
To: Yuhong Bao <yuhongbao_...@hotmail.com>
Cc: mozilla-dev-security-pol...@lists.mozilla.org; Matthew Hardeman
<mharde...@gmail.com>
Subject: Re: Star
On Wed, May 31, 2017 at 05:09:57PM +, Yuhong Bao via dev-security-policy
wrote:
> The point is that "misissuance" of example.com is harmless as they are
> reserved by IANA.
But example.com is a real domain that even has an https
website. The certificate is issued by digicert, and the
ew Hardeman via
> dev-security-policy <dev-security-policy@lists.mozilla.org>
> Sent: Wednesday, May 31, 2017 10:08:10 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: StartCom issuing bogus certificates
>
> On Wednesday, May 31, 2017 at 12:04:51 PM UTC-5
On Wednesday, May 31, 2017 at 12:10:36 PM UTC-5, Yuhong Bao wrote:
> The point is that "misissuance" of example.com is harmless as they are
> reserved by IANA.
Except that having a trusted root CA in the major root programs is a privileged
club with a lot of non-obvious rules. One of those
ity-policy
<dev-security-policy@lists.mozilla.org>
Sent: Wednesday, May 31, 2017 10:08:10 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: StartCom issuing bogus certificates
On Wednesday, May 31, 2017 at 12:04:51 PM UTC-5, Yuhong Bao wrote:
> It would be better to use exa
rreira via dev-security-policy
<dev-security-policy@lists.mozilla.org>
Sent: Wednesday, May 31, 2017 9:21:00 AM
To: patryk.szczyglow...@gmail.com; mozilla-dev-security-pol...@lists.mozilla.org
Subject: RE: StartCom issuing bogus certificates
Hi all,
There's been a misunderstanding int
Wow.
That is disheartening. Those are issued from their newly cut intermediates
issued descending from their G3 root, which I had assumed was the
infrastructure that they intend to get audited for inclusion into the various
root programs again.
It would seem an issuance like that on that
--- via dev-security-policy
Sent: Wednesday, 31 May 2017 17:45
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: StartCom issuing bogus certificates
Hello,
My first post here.
I just noticed StartCom have issued today a couple of obviously fake certificates:
https://crt.sh/?id=146437565
Subject:
commonName= ov
organizationName = test
localityName = Beijing
stateOrProvinceName = Beijing