Re: About upcoming limits on trusted certificates

2020-03-03 Thread Matt Palmer via dev-security-policy
On Tue, Mar 03, 2020 at 01:53:49PM -0800, Clint Wilson wrote: > On Mar 3, 2020, at 1:41 PM, Matt Palmer via dev-security-policy > wrote: > > On Tue, Mar 03, 2020 at 11:55:24AM -0800, Clint Wilson via > > dev-security-policy wrote: > >> For additional information, please see > >>

Re: About upcoming limits on trusted certificates

2020-03-03 Thread Clint Wilson via dev-security-policy
Hi Matt, This is determined using the notBefore value in the certificate; if the notBefore value is greater than or equal to September 1, 2020 00:00 GMT/UTC, then the updated policy will apply. Cheers, -Clint > On Mar 3, 2020, at 1:41 PM, Matt Palmer via dev-security-policy > wrote: > > On

Re: About upcoming limits on trusted certificates

2020-03-03 Thread Matt Palmer via dev-security-policy
On Tue, Mar 03, 2020 at 01:27:59PM -0700, Wayne Thayer via dev-security-policy wrote: > I'd like to ask for input from the community: is this a requirement that we > should add to the Mozilla policy at this time (effective September 1, 2020)? I don't see any reason not to. - Matt

Re: About upcoming limits on trusted certificates

2020-03-03 Thread Matt Palmer via dev-security-policy
On Tue, Mar 03, 2020 at 11:55:24AM -0800, Clint Wilson via dev-security-policy wrote: > For additional information, please see > https://support.apple.com/en-us/HT211025. I have a question regarding this part: > TLS server certificates issued on or after September 1, 2020 00:00 GMT/UTC > must

Re: About upcoming limits on trusted certificates

2020-03-03 Thread Wayne Thayer via dev-security-policy
Thank you for sharing this Clint. I'd like to ask for input from the community: is this a requirement that we should add to the Mozilla policy at this time (effective September 1, 2020)? You may recall that a 398-day maximum validity for TLS certificates was proposed to the CA/Browser Forum by

About upcoming limits on trusted certificates

2020-03-03 Thread Clint Wilson via dev-security-policy
Hello all, I wanted to inform this community of an upcoming change to the Apple Root Program. SSL/TLS certificates issued on or after September 1, 2020 will need to have a total lifetime of no more than 398 days. This change will be put in place in a future release of iOS, macOS, iPadOS,

Re: Audit Reminders for Intermediate Certs

2020-03-03 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of March 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 3 Mar 2020 15:00:16 + (GMT) CA Owner: AC Camerfirma, S.A. - Certificate Name: InfoCert Organization Validation CA 3 SHA-256 Fingerprint:

Re: 2020.02.29 Let's Encrypt CAA Rechecking Bug

2020-03-03 Thread Jacob Hoffman-Andrews via dev-security-policy
We've posted our Incident Report at https://bugzilla.mozilla.org/show_bug.cgi?id=1619047#c1. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy