Sent: Thursday, 1 June 2017 14:46
To: Eric Mill ; Gervase Markham ; Inigo
Barreira ; Jeremy Rowley ;
Yuhong Bao
Cc: Kurt Roeckx ; Matthew Hardeman ;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: StartCom issuing bogus certificates
Hi Inigo,
You mentioned there would be a rep
y
> [mailto:dev-security-policy-bounces+inigo=startcomca@lists.mozilla.org
> ]
> On Behalf Of Gervase Markham via dev-security-policy
> Sent: Thursday, 1 June 2017 10:27
> To: Yuhong Bao ; Eric Mill ;
> Jeremy Rowley
> Cc: mozilla-dev-security-pol...@lists.mozilla.org;
Behalf Of Gervase Markham via dev-security-policy
Sent: Thursday, 1 June 2017 10:27
To: Yuhong Bao ; Eric Mill ;
Jeremy Rowley
Cc: mozilla-dev-security-pol...@lists.mozilla.org; Kurt Roeckx
; Matthew Hardeman
Subject: Re: StartCom issuing bogus certificates
On 01/06/17 01:48, Yuhong Bao wrote:
> I don't think there is anything important on example.com though
How would you like it if a CA decided there was nothing important on
your website and so decided it was OK to misissue certificates for it?
This requirement is a positive requirement ("must have
; Sent: Wednesday, May 31, 2017 4:34:20 PM
> To: Jeremy Rowley
> Cc: Kurt Roeckx; Yuhong Bao; mozilla-dev-security-pol...@lists.mozilla.org;
> Matthew Hardeman
> Subject: Re: StartCom issuing bogus certificates
>
> It's absolutely not harmless to use example.com<http://exampl
Cc:
mozilla-dev-security-pol...@lists.mozilla.org;
Matthew Hardeman
Subject: Re: StartCom issuing bogus certificates
On Wed, May 31, 2017 at 05:09:57PM +, Yuhong Bao
ity-policy-bounces+jeremy.rowley=digicert.c
> om@lists.mozilla
> .org] On Behalf Of Kurt Roeckx via dev-security-policy
> Sent: Wednesday, May 31, 2017 11:55 AM
> To: Yuhong Bao
> Cc: mozilla-dev-security-pol...@lists.mozilla.org; Matthew Hardeman
>
> Subject: Re: StartCom issuing bogus
unces+jeremy.rowley=digicert.com@lists.mozilla
.org] On Behalf Of Kurt Roeckx via dev-security-policy
Sent: Wednesday, May 31, 2017 11:55 AM
To: Yuhong Bao
Cc: mozilla-dev-security-pol...@lists.mozilla.org; Matthew Hardeman
Subject: Re: StartCom issuing bogus certificates
On Wed, May 31, 2017 at
For completeness, same for EV: https://crt.sh/?cn=ev&icaid=46855
Looks like some poor soul has been experimenting with test certificates for 3
weeks now, but has yet to succeed in issuing one that isn't violating the BRs...
On Wed, May 31, 2017 at 05:09:57PM +, Yuhong Bao via dev-security-policy
wrote:
> The point is that "misissuance" of example.com is harmless as they are
> reserved by IANA.
But example.com is a real domain that even has an https
website. The certificate is issued by digicert, and the su
: Wednesday, May 31, 2017 10:08:10 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: StartCom issuing bogus certificates
>
> On Wednesday, May 31, 2017 at 12:04:51 PM UTC-5, Yuhong Bao wrote:
> > It would be better to use example.com and not test.com or anythin
On Wednesday, May 31, 2017 at 12:10:36 PM UTC-5, Yuhong Bao wrote:
> The point is that "misissuance" of example.com is harmless as they are
> reserved by IANA.
Except that having a trusted root CA in the major root programs is a privileged
club with a lot of non-obvious rules. One of those (rou
curity-pol...@lists.mozilla.org
Subject: Re: StartCom issuing bogus certificates
On Wednesday, May 31, 2017 at 12:04:51 PM UTC-5, Yuhong Bao wrote:
> It would be better to use example.com and not test.com or anything like that,
> as that is defined by IANA as a reserved domain.
No, it is necessary to respect the baseline requirements in issuing from "real"
trusted or to-be-t
: patryk.szczyglow...@gmail.com; mozilla-dev-security-pol...@lists.mozilla.org
Subject: RE: StartCom issuing bogus certificates
Hi all,
There's been a misunderstanding internally when requested to create some "test"
certificates as indicated in the Microsoft root program requirements as
Wow.
That is disheartening. Those are issued from their newly cut intermediates
issued descending from their G3 root, which I had assumed was the
infrastructure that they intend to get audited for inclusion into the various
root programs again.
It would seem an issuance like that on that infr
--- via dev-security-policy
Sent: Wednesday, 31 May 2017 17:45
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: StartCom issuing bogus certificates
Hello,
My first post here.
I just noticed StartCom have issued today a couple of obviously fake certificates:
https://crt.sh/?id=146437565
Subject:
commonName= ov
organizationName = test
localityName = Beijing
stateOrProvinceName = Beijing