BTW - this certificate was revoked.
-Original Message-
From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla.org] On Behalf Of Mark Steward via dev-security-policy
Sent: Friday, December 29, 2017 11:30 AM
To: Matthew Hardeman
On December 29, 2017 at 12:27:35 PM, David E. Ross via dev-security-policy (
dev-security-policy@lists.mozilla.org) wrote:
On 12/28/2017 10:33 PM, Peter Bowen wrote:
> On Thu, Dec 28, 2017 at 10:24 PM, Jakob Bohm via dev-security-policy
> wrote:
>> After
On Mon, Dec 25, 2017 at 7:50 PM, Matthew Hardeman via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Part of the trouble in relying upon the name alone is that on many OS's
> (maybe all -- at least all the ones that matter for client side work) can
> have localhost
On 12/28/2017 10:33 PM, Peter Bowen wrote:
> On Thu, Dec 28, 2017 at 10:24 PM, Jakob Bohm via dev-security-policy
> wrote:
>> After looking at some real certificates both in the browser and on crt.sh, I
>> have some followup questions on certificate serial
I sent the key to Jeremy on Tuesday as Hanno suggested, and it was revoked
at 9am the next morning.
The encrypted private key information is only in memory during startup, so
I identified that bit of code and broke into a debugger. You could pull the
parameters out of OpenSSL's internals too.
Or just generate longer serials with random.
Which is much simpler.
On Fri, Dec 29, 2017 at 11:57 AM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 29/12/2017 13:55, Nick Lamb wrote:
>
>> On Fri, 29 Dec 2017 07:24:31 +0100
>> Jakob Bohm via
On 29/12/2017 13:55, Nick Lamb wrote:
On Fri, 29 Dec 2017 07:24:31 +0100
Jakob Bohm via dev-security-policy
wrote:
3. Or would the elimination in #2 reduce the entropy of such serial
numbers to slightly less than 64 bits (since there are less than
On Fri, Dec 29, 2017 at 1:24 AM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> After looking at some real certificates both in the browser and on crt.sh,
> I have some followup questions on certificate serial numbers:
>
> 1. Do all recently issued
On Fri, 29 Dec 2017 07:24:31 +0100
Jakob Bohm via dev-security-policy
wrote:
> 3. Or would the elimination in #2 reduce the entropy of such serial
> numbers to slightly less than 64 bits (since there are less than
> 2**64 allowed values for all but the