Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-12 Thread Ryan Sleevi via dev-security-policy
On Sun, Jul 12, 2020 at 4:19 PM Oscar Conesa via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > To obtain this confidence, CAs must comply with all the requirements > that are imposed on them in the form of Policies, Norms, Standards and > Audits that are decided on an

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-12 Thread Matt Palmer via dev-security-policy
On Sun, Jul 12, 2020 at 10:13:59PM +0200, Oscar Conesa via dev-security-policy wrote: > Some CAs may want to assume a leadership role in the sector and unilaterally > assume more additional strict security controls. That is totally legitimate. > But it is also legitimate for other CAs to assume a

Re: New Blog Post on 398-Day Certificate Lifetimes

2020-07-12 Thread Nick Lamb via dev-security-policy
On Sat, 11 Jul 2020 11:06:56 +1000 Matt Palmer via dev-security-policy wrote: > A histogram of the number of certificates grouped by their notBefore > date is going to show a heck of a bump on August 31, I'll wager. > Will be interesting to correlate notBefore with SCTs. I expect there will be a

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-12 Thread Oscar Conesa via dev-security-policy
On 12/7/20 2:21, Ryan Sleevi wrote: I want to be clear here: CAs are not trusted by default. The existence of a CA, within a Root Program, is not a blanket admission of trust in the CA. Here we have a deep disagreement: A CA within a Root Program must be considered as a trusted CA by