On 22/2/2016 6:52 μμ, Peter Kurrasch wrote:
Hi Dimitris,
You certainly echo the sentiment of others in this forum by directing
me to the CABF but my concerns are particular to HARICA at this point.
Simply put, the CABF BR has security gaps in section 3.2.2.4 which can
result in certificate
On Tue, Feb 23, 2016 at 6:26 PM, Eric Mill wrote:
> On Tue, Feb 23, 2016 at 1:57 PM, Gervase Markham wrote:
>
>>
>> Our proposal, which we have sent to Symantec, Worldpay and the other
>> browsers, is as follows:
>>
>
> Thank you for bringing this to the
On Tue, Feb 23, 2016 at 9:38 PM, Peter Gutmann
wrote:
> Gervase Markham writes:
>
> >Mozilla is very keen to see SHA-1 eliminated, but understands that for
> >historical reasons poor decisions were made in private PKIs about which
> roots
> >to
Gervase Markham writes:
>Mozilla is very keen to see SHA-1 eliminated, but understands that for
>historical reasons poor decisions were made in private PKIs about which roots
>to trust, and such decisions are not easily remedied.
I'm curious about what's going on here, as you
On Tue, Feb 23, 2016 at 1:57 PM, Gervase Markham wrote:
>
> Our proposal, which we have sent to Symantec, Worldpay and the other
> browsers, is as follows:
>
Thank you for bringing this to the list for public input, even with a tight
timeline and under immense pressure. It
Large quantities of SHA-1 certificates were issued in the weeks prior to
the deadline as operators of systems not intended for primarily browser
based consumption maximized their remaining compliant lifespan, Embedded
physical deployment of devices that are not updated at browser speed runs
the
On Tuesday, February 23, 2016 at 10:58:19 AM UTC-8, Gervase Markham wrote:
> Mozilla and other browsers have been approached by Worldpay, a large
> payment processor, via Symantec, their CA. They have been transitioning
> to SHA-2 but due to an oversight have failed to do so in time for a
>
On Tue, Feb 23, 2016 at 12:05 PM, Andrew Ayer wrote:
> On Tue, 23 Feb 2016 18:57:41 +
> Gervase Markham wrote:
>
> > Please comment on whether this proposal seems reasonable, being aware
> > of the short timelines involved.
>
> I am opposed. There is
On Tue, Feb 23, 2016 at 1:47 PM, Andrew Ayer wrote:
> On Tue, 23 Feb 2016 13:12:27 -0800
> Yuhong Bao wrote:
>
> > If OneCRL always used the same hash algorithm as the certificate,
> > then any colliding certificate would also be treated as
On Tue, Feb 23, 2016 at 1:44 PM, Charles Reiss wrote:
> On 02/23/16 18:57, Gervase Markham wrote:
> [snip]
> > Symantec may issue certificates to Worldpay if the following things are
> > true:
>
> Based on what's happened with MD5 certificates, it seems the main risk
> of
On Tuesday, February 23, 2016 at 10:58:19 AM UTC-8, Gervase Markham wrote:
> Mozilla and other browsers have been approached by Worldpay, a large
> payment processor, via Symantec, their CA. They have been transitioning
> to SHA-2 but due to an oversight have failed to do so in time for a
>
On 02/23/16 18:57, Gervase Markham wrote:
[snip]
> Symantec may issue certificates to Worldpay if the following things are
> true:
Based on what's happened with MD5 certificates, it seems the main risk
of harm comes from something like a chosen-prefix collision attack using
a specially
On Tue, 23 Feb 2016 18:57:41 +
Gervase Markham wrote:
> Please comment on whether this proposal seems reasonable, being aware
> of the short timelines involved.
I am opposed. There is no telling how many other organizations are in a
similar situation due to poor planning
13 matches
Mail list logo