Thanks again to everyone reviewed and commented on this request from TrustCor.
I am now closing this discussion, and will recommend approval in the bug to
include the “TrustCor RootCert CA-1”, “TrustCor RootCert CA-2”, and “TrustCor
ECA-1” root certificates and enable the Websites and Email
On 18/08/17 04:37, Gervase Markham wrote:
> I've started a wiki page giving Mozilla expectations and best practices
> for CAs responding to a misissuance report. (No idea why I decided to
> write that now...)
>
> https://wiki.mozilla.org/CA/Responding_To_A_Misissuance
I have now removed the
On 22/08/17 11:02, Ryan Sleevi wrote:
> I think it'd be useful if we knew of reasons why standing up (and
> migrating) to a new infrastructure was not desirable?
It is true that in the case of a legacy root, creating a new root with a
cross-sign is not technically all that complex (although it
On 26/7/2017 3:38 πμ, Matthew Hardeman via dev-security-policy wrote:
On Tuesday, July 25, 2017 at 1:00:39 PM UTC-5,birg...@princeton.edu wrote:
We have been considering research in this direction. PEERING controls several
ASNs and may let us use them more liberally with some convincing. We
Actually previous SHA-1 certs might be one of the least objectionable
non-compliances assuming that nobody expects Firefox, or other clients in the
Web PKI to actually trust these certs, because the difference in signature
algorithm contains the risk nicely.
Bad guys who have speculatively
5 matches
Mail list logo