And why wouldn't a request token fit the patent's interpretation of a "Pass
String"? The only definition I saw in the patent was something generated by
the validating entity and forwarded to the requester. The pass string can be
a code, but that does not necessarily preclude a request token.
"1.
Steve,
While I understand that your investigation is ongoing, this does seem
extremely similar, if not identical, to Symantec's previous misissuance.
In that previous incident, Symantec took a number of steps - beginning with
reportedly immediately terminating the employees responsible and then
On Mon, Jan 23, 2017 at 3:32 PM, Kathleen Wilson wrote:
> Does section 7.1.4.2 of the CA/Browser Forum's Baseline Requirements only
> apply to end-entity certificates?
>
> If yes, where does it specify that in the document?
>
> This has come up in a few CA requests, due to
All,
Does section 7.1.4.2 of the CA/Browser Forum's Baseline Requirements only apply
to end-entity certificates?
If yes, where does it specify that in the document?
This has come up in a few CA requests, due to errors we get when we run Kurt's
x509lint test.
Example:
On Monday, 23 January 2017 18:07:59 UTC, Jeremy Rowley wrote:
> What do you mean they are weak sauce? Considering at least one of the
> patents is claimed to cover the ACME challenge validations, they seem pretty
> on-point.
I thought my comparison illustrated very well what I meant by weak
What do you mean they are weak sauce? Considering at least one of the
patents is claimed to cover the ACME challenge validations, they seem pretty
on-point.
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla
.org] On
On Monday, January 23, 2017 at 10:34:42 AM UTC+1, Santhan Raj wrote:
> If a domain administrator approves a request without checking why/who needs
> the cert, there is little a CA can do to mitigate such threats.
I agree. But the CA could help prevent these threats.
And, in that specific case,
If a domain administrator approves a request without checking why/who needs the
cert, there is little a CA can do to mitigate such threats.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org