On Thu, May 21, 2020 at 02:01:49PM -0700, Daniela Hood via dev-security-policy
wrote:
> After that we followed the Baseline Requirements 4.9.1 That says: "The CA
> obtains evidence that the Subscriber's Private Key corresponding to the
> Public Key in the Certificate suffered a Key Compromise;"
While I realize the current topic is concerning TLS, I find it rather
surprising that Mozilla Policy does not mandate PoP for S/MIME certificate
issuance. Lack of checking for S/MIME would present more concrete security
concerns, so perhaps this should be addressed in a future update to the
Yes - that's been well established. See
https://bugzilla.mozilla.org/show_bug.cgi?id=1639801 (where Ryan reminded me
that this has been discussed and resolved with actual language in the BRs)
-Original Message-
From: dev-security-policy On
Behalf Of Kurt Roeckx via dev-security-policy
On Thu, May 21, 2020 at 02:01:49PM -0700, Daniela Hood via dev-security-policy
wrote:
> Hello Sandy,
>
> GoDaddy received an email on Friday, May 7, 2020 12:06 UTC, reporting a key
> compromise, by Sandy. Once received our team started working on making sure
> that the certificate had indeed a
On Thursday, May 21, 2020 at 10:06:02 AM UTC-7, sandy...@gmail.com wrote:
> On Thursday, May 21, 2020 at 12:33:25 PM UTC+10, Matt Palmer wrote:
> > On Tue, May 19, 2020 at 07:33:00PM -0700, sandybar497--- via
> > dev-security-policy wrote:
> > > Here are the original headers (omitting my email)
>
On Thursday, May 21, 2020 at 12:33:25 PM UTC+10, Matt Palmer wrote:
> On Tue, May 19, 2020 at 07:33:00PM -0700, sandybar497--- via
> dev-security-policy wrote:
> > Here are the original headers (omitting my email)
> >
> > ***
> >
> > MIME-Version: 1.0
> > Date: Thu, 7 May 2020 12:07:07 +
>
6 matches
Mail list logo