On Monday, June 19, 2017 at 11:40:22 PM UTC-5, Tom Ritter wrote:
> So at what point does the CA become culpable to misissuance in a case
> like this? Is it okay that we let them turn a blind eye to issuing or
> reissuing certificates where they have a strong reason to believe the
> private key
On 19 June 2017 at 08:28, Samuel Pinder via dev-security-policy
wrote:
> Therefore the newly re-issued
> certificate *will* end up with it's private key compromised *again*,
> no matter how well it may be obfuscated in the application, it is
> still against
On Sun, Jun 18, 2017 at 08:17:07AM -0700, troy.fridley--- via
dev-security-policy wrote:
> If you should find such an issue again in a Cisco owned domain, please
> report it to ps...@cisco.com and we will ensure that prompt and proper
> actions are taken.
I don't know, this way seems to have
Notes on your below suggested timeline:
1. I see no reason to have that many new root bundles from Symantec.
Ideally, there would be just two bundles: A transitional root bundle
which signs the outsourced SubCAs only, and a final bundle intended
to become the new long-term Symantec roots.
On 12/06/2017 22:12, Nick Lamb wrote:
On Monday, 12 June 2017 17:31:58 UTC+1, Steve Medin wrote:
We think it is critically important to distinguish potential removal of support
for current roots in Firefox versus across NSS. Limiting Firefox trust to a
subset of roots while leaving NSS
On Monday, 19 June 2017 20:57:28 UTC+1, Tavis Ormandy wrote:
> I noticed there's an apparently valid facebook.com certificate in there
> (61b1526f9d75775c3d533382f36527c9.pem). This is surprising to me, that
> seems like it would be in CT already - so maybe I don't know what I'm doing.
>
> Let
On Monday, June 19, 2017 at 12:21:46 PM UTC-7, Peter Bowen wrote:
> It seems there is some confusion. The document presented would appear
> to be a Verified Accountant Letter (as defined in the EV Guidelines)
> and can used as part of the process to validate a request for an EV
> certificate. It
I wonder if the device intercepts DNS queries within the LAN for that address
and substitutes in the IP of the appliance instead of 127.0.0.1. Is it often
deployed as the customer premise NAT/router in addition to serving video
purposes?
I'm thinking they probably wanted some other devices or
I think it might be useful to take a step back and remind ourselves of
Mozilla's mission, principles and goals with regard to resolving the
situation with Symantec. These will be useful as we flesh out the
details of the consensus proposal, particularly concerning dates.
First, a quick reminder
I noticed there's an apparently valid facebook.com certificate in there
(61b1526f9d75775c3d533382f36527c9.pem). This is surprising to me, that
seems like it would be in CT already - so maybe I don't know what I'm doing.
Let me know if I've misunderstood something.
Tavis.
On Mon, Jun 19, 2017 at
Thanks Alex, I took a look, it looks like the check pings crt.sh - is doing
that for a large number of certificates acceptable Rob?
I made a smaller set, the certificates that have 'SSL server: Yes' or 'Any
Purpose : Yes', there were only a few thousand that verified, so I just
checked those and
On Mon, Jun 19, 2017 at 12:14 PM, Kathleen Wilson via
dev-security-policy wrote:
> I just filed https://bugzilla.mozilla.org/show_bug.cgi?id=1374381 about an
> audit statement that I received for SwissSign. I have copied the bug
> description below,
I just filed https://bugzilla.mozilla.org/show_bug.cgi?id=1374381 about an
audit statement that I received for SwissSign. I have copied the bug
description below, because I am concerned that there still may be ETSI auditors
(and CAs?) who do not understand the audit requirements, see below.
If you're interested in playing around with submitting them yourself, or
checking if they're already submitted, I've got some random tools for
working with CT: https://github.com/alex/ct-tools
Specifically ct-tools check will get what you
want. It's all serial, so for
There's more than just a clue in the name drmlocal.cisco.com , if one
looks up this address in the DNS it returns the loopback IP 127.0.0.1
. http://dnstools.ws/tools/lookup.php?host=drmlocal.cisco.com=A
This can only mean that this address is fully intended to be referred
to only by one's own
I found two and they were both expired so I disable them and did some research
which ended me in many sites and also here in this forum. If this happened so
long ago and was caught why is it in my Galaxy Grand Prime that I bought
brand-new less than two years ago.This is one-
16 matches
Mail list logo