On Tuesday, December 18, 2018 at 2:44:22 AM UTC-8, Matt Palmer wrote:
> Hi all,
>
> I'd like to make everyone aware of a service I've just stood up, called
> pwnedkeys.com. It's intended to serve as a clearinghouse of known-exposed
> private keys, so that services that accept public keys from
On Tue, Dec 18, 2018 at 6:52 PM Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Ballot 202 failed. I’m not sure how it’s relevant other than to indicate
> there was definite disagreement about whether underscores were permitted or
> not. As previously
Yeah – I’ll be providing an accurate incident report (working on gathering all
the information). The incident report assumes we don’t revoke of course.
Revocation is still on the table. However, I wanted to start the conversation
with everything I know so far:
1) ~2200 certs
2) Roughly 15
Jeremy,
It seems like any answer for what it "might" look like if a CA violated the
BRs in a particular way is going to be predicated on what the incident
report says. In the case of a hypothetical like this, it seems like the
hypothetical incident report would discuss what is planned or
On Tue, Dec 18, 2018 at 3:47 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> Removing the "underscore mandatory" and "specific name X_Y mandatory" rules
> from deployed systems without introducing security holes takes more than the
> 1 month they have
On 18/12/2018 18:15, Ryan Sleevi wrote:
> On Tue, Dec 18, 2018 at 8:19 AM Jakob Bohm via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> On 10/12/2018 18:09, Ryan Sleevi wrote:
>>> On Mon, Dec 10, 2018 at 6:16 AM Buschart, Rufus via dev-security-policy <
>>>
The total number of certs impacted is about 2200. Just more info.
-Original Message-
From: dev-security-policy On
Behalf Of Jeremy Rowley via dev-security-policy
Sent: Tuesday, December 18, 2018 3:28 PM
To: mozilla-dev-security-policy
Subject: Underscore characters
We're looking at the
Forwarded Message
Subject: Summary of December 2018 Audit Reminder Emails
Date: Tue, 18 Dec 2018 20:00:20 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
TrustCor RootCert CA-2
TrustCor RootCert CA-1
TrustCor ECA-1
Standard Audit:
On Tue, Dec 18, 2018 at 1:53 PM Tim Hollebeek wrote:
> The problem is that the attackers get to choose the CA they use, so
> multi-perspective validation doesn't provide any benefits unless everyone
> has to do it.
>
> I brought it up several times at the validation working group and as a
>
The problem is that the attackers get to choose the CA they use, so
multi-perspective validation doesn't provide any benefits unless everyone
has to do it.
I brought it up several times at the validation working group and as a
discussion topic at the Shanghai face to face, but unfortunately there
On Tue, Dec 18, 2018 at 8:19 AM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 10/12/2018 18:09, Ryan Sleevi wrote:
> > On Mon, Dec 10, 2018 at 6:16 AM Buschart, Rufus via dev-security-policy <
> > dev-security-policy@lists.mozilla.org> wrote:
> >
> >>
On Tue, Dec 18, 2018 at 7:41 AM Rob Stradling wrote:
> On 14/12/2018 21:06, Wayne Thayer via dev-security-policy wrote:
>
> > I think it's worth calling out that Let's Encrypt has implemented what
> > appears to be a relatively simple mitigation:
> >
>
On 10/12/2018 18:09, Ryan Sleevi wrote:
> On Mon, Dec 10, 2018 at 6:16 AM Buschart, Rufus via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> Hello!
>>
>> It would be helpful, if the CA/B or Mozilla could publish a document on
>> its web pages to which we can redirect
On 14/12/2018 21:06, Wayne Thayer via dev-security-policy wrote:
> I think it's worth calling out that Let's Encrypt has implemented what
> appears to be a relatively simple mitigation:
> https://community.letsencrypt.org/t/edns-buffer-size-changing-to-512-bytes/77945
Sectigo implemented this
Hi all,
I'd like to make everyone aware of a service I've just stood up, called
pwnedkeys.com. It's intended to serve as a clearinghouse of known-exposed
private keys, so that services that accept public keys from external
entities (such as -- relevant to mdsp's interests -- CAs) can make one