On Monday, September 18, 2017, 8:27:18 (UTC-5), Gervase Markham wrote:
> On 11/09/17 12:03, Gervase Markham wrote:
> > Thank you for this initial response. It is, however, far less detailed
> > than we would like to see.
>
> I have not had any further updates from PROCERT. I have tried
On Thursday, September 21, 2017 at 10:13:56 AM UTC+1, Rob Stradling wrote:
> Our CPS has now been updated.
Will you be ensuring that CAs like Gandi who are chaining back to your roots
also update their CPS?
Regards
Rich.
On Thursday, September 21, 2017 at 11:23:28 AM UTC-5, Gervase Markham wrote:
> The CA Certificates module owner and peers have come to a decision
> regarding our investigations into the activities of the CA "PROCERT".
>
> A large number of issues were raised regarding the operations and
>
On 21/09/2017 23:08, alejandrovolcan--- via dev-security-policy wrote:
> Dear Gerv, I have attached a document that gives us a greater
> response to each of the points, as well as Mr. Oscar Lovera sent you
> an email with the same information
>
>
I can confirm that as of this moment the VISA OCSP responders are still
responding GOOD for non-existent certificates. VISA was originally
contacted by me on August 29 so it has now been over 21 days since initial
report.
-Paul
On September 21, 2017 at 9:32:12 PM, Gervase Markham via
The CA Certificates module owner and peers have come to a decision
regarding our investigations into the activities of the CA "PROCERT".
A large number of issues were raised regarding the operations and
practices of this CA:
https://wiki.mozilla.org/CA:PROCERT_Issues
Considering them, it seems
Additionally, 13 days ago it was reported to VISA that their OCSP
responder was misconfigured to return "good" responses for non-existent
certificates:
https://bugzilla.mozilla.org/show_bug.cgi?id=1398261
As far as I can see, this is the case for their end-entity certificates,
not just some roots
It seems like the list of topics to cover on the Responding to a
Misissuance page:
https://wiki.mozilla.org/CA/Responding_To_A_Misissuance#Incident_Report
has become a de facto template for incident reports.
We've now had quite a few CAs use this outline to respond to issues. If
people (CAs or
Jeremy,
Thanks for attaching the diagrams - this is very useful in helping
visualize out the graph! Special thanks for detailing out the validation
flow DigiCert both practices and plans to practice - this level of
transparency goes a long way to helping assess and understand both risks
and
On Thu, Sep 21, 2017 at 7:17 PM, Ryan Sleevi via dev-security-policy
wrote:
> I think we can divide the discussion into two parts, similar to the
> previous mail: How to effectively transition Symantec customers with
> minimum disruption, whether acting as
On 08/09/17 20:24, Andrew Ayer via dev-security-policy wrote:
The BRs state:
"Effective as of 8 September 2017, section 4.2 of a CA's Certificate
Policy and/or Certification Practice Statement (section 4.1 for CAs
still conforming to RFC 2527) SHALL state the CA's policy or practice
on