Re: Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours

2020-03-20 Thread Matt Palmer via dev-security-policy
On Sat, Mar 21, 2020 at 01:53:31AM +, Nick Lamb wrote: > On Sat, 21 Mar 2020 09:25:26 +1100 > Matt Palmer via dev-security-policy > wrote: > > > These two certificates: > > > > https://crt.sh/?id=2602048478=ocsp > > https://crt.sh/?id=2601324532=ocsp > > > > Were issued by Let's

Re: Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours

2020-03-20 Thread Nick Lamb via dev-security-policy
On Sat, 21 Mar 2020 09:25:26 +1100 Matt Palmer via dev-security-policy wrote: > These two certificates: > > https://crt.sh/?id=2602048478=ocsp > https://crt.sh/?id=2601324532=ocsp > > Were issued by Let's Encrypt more than 24 hours ago, and remain > unrevoked, despite the revocation of

Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours

2020-03-20 Thread Matt Palmer via dev-security-policy
These two certificates: https://crt.sh/?id=2602048478=ocsp https://crt.sh/?id=2601324532=ocsp Were issued by Let's Encrypt more than 24 hours ago, and remain unrevoked, despite the revocation of the below two certificates, which use the same private key, for keyCompromise prior to the

Re: Auditing of CA facilities in lockdown because of an environmental disaster/pandemic

2020-03-20 Thread Kathleen Wilson via dev-security-policy
On 3/20/20 1:15 PM, Jeremy Rowley wrote: > What about issues other than audits? For example, with certain locations > closing, key ceremonies may become impossible, leading to downed CRLs/OCSP > for intermediates. There's also a potential issue with trusted roles even > being able to access the data

Re: Auditing of CA facilities in lockdown because of an environmental disaster/pandemic

2020-03-20 Thread Ryan Sleevi via dev-security-policy
On Fri, Mar 20, 2020 at 4:15 PM Jeremy Rowley via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > What about issues other than audits? For example, with certain locations > closing, key ceremonies may become impossible, leading to downed CRLs/OCSP > for intermediates.

Re: Auditing of CA facilities in lockdown because of an environmental disaster/pandemic

2020-03-20 Thread Ryan Sleevi via dev-security-policy
On Fri, Mar 20, 2020 at 4:07 PM Kathleen Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > My question: What should "location" mean in the above requirement? > The WebTrust Practitioner Guidance offers a reasonable definition:

Fwd: Proposal for New CA Certificate Policy Module Owner

2020-03-20 Thread Wayne Thayer via dev-security-policy
I posted the following message in the mozilla.governance forum. If you would like, please feel free to comment here in m.d.s.p. - Wayne -- Forwarded message - From: Wayne Thayer Date: Fri, Mar 13, 2020 at 11:11 AM Subject: Proposal for New CA Certificate Policy Module Owner To:

RE: Auditing of CA facilities in lockdown because of an environmental disaster/pandemic

2020-03-20 Thread Jeremy Rowley via dev-security-policy
What about issues other than audits? For example, with certain locations closing, key ceremonies may become impossible, leading to downed CRLs/OCSP for intermediates. There's also a potential issue with trusted roles even being able to access the data center if something goes down and Sub CAs

Re: Auditing of CA facilities in lockdown because of an environmental disaster/pandemic

2020-03-20 Thread Kathleen Wilson via dev-security-policy
All, I will greatly appreciate your ideas about the following. In the Minimum Expectations section in https://wiki.mozilla.org/CA/Audit_Statements#Audit_Delay I added: "" * Both ETSI and WebTrust Audits must: ** Disclose each location that was included in the scope of the audit, as well as

Re: DFN-Verein: CPS/CP link in CCADB not in English

2020-03-20 Thread Arnold Essing via dev-security-policy
It was our assessment when adding data to CCADB, that Mozilla would be interested in the authoritative documents in CCADB and requires English (non-authoritative) translations to be readily available (“provided”) on our websites and upon request. The CCADB-policy states in chapter 5, that