RE: Use of Certificate/Public Key Pinning

2019-08-22 Thread Tim Hollebeek via dev-security-policy
with care. -Tim > -Original Message- > From: dev-security-policy On > Behalf Of Ryan Sleevi via dev-security-policy > Sent: Wednesday, August 14, 2019 2:08 PM > To: Nuno Ponte > Cc: mozilla-dev-security-policy > > Subject: Re: Use of Certificate/Public Key Pin

Re: Use of Certificate/Public Key Pinning

2019-08-14 Thread Ryan Sleevi via dev-security-policy
On Tue, Aug 13, 2019 at 11:12 AM Nuno Ponte via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Dear m.d.s.p., > > I would like to bring into discussion the use of certificate/public key > pinning and the impacts on the 5-day period for certificate revo

Re: Use of Certificate/Public Key Pinning

2019-08-13 Thread Matthew Hardeman via dev-security-policy
hich have historically hindered the agility of the WebPKI. On Tue, Aug 13, 2019 at 10:12 AM Nuno Ponte via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Dear m.d.s.p., > > I would like to bring into discussion the use of certificate/public key > pinning an

Re: Use of Certificate/Public Key Pinning

2019-08-13 Thread Tom Ritter via dev-security-policy
anchor, and operate a root CA oneself, managing it as one would a public CA (offline root, possibly offline intermediates, etc) -tom On Tue, 13 Aug 2019 at 15:12, Nuno Ponte via dev-security-policy wrote: > > Dear m.d.s.p., > > I would like to bring into discussion the use of certif

Re: Use of Certificate/Public Key Pinning

2019-08-13 Thread Paul Wouters via dev-security-policy
On Mon, 12 Aug 2019, Nuno Ponte via dev-security-policy wrote: Recently, we (Multicert) had to roll out a general certificate replacement due to the serial number entropy issue. Some of the most troubled cases to replace the certificates were customers doing certificate pinning on mobile apps.

Use of Certificate/Public Key Pinning

2019-08-13 Thread Nuno Ponte via dev-security-policy
Dear m.d.s.p., I would like to bring into discussion the use of certificate/public key pinning and the impacts on the 5-day period for certificate revocation according to BR §4.9.1.1. Recently, we (Multicert) had to roll out a general certificate replacement due to the serial number entropy