Re: Grace Period for Sub-CA Disclosure

2017-04-03 Thread Jakob Bohm via dev-security-policy
On 03/04/2017 19:24, Ryan Sleevi wrote: On Mon, Apr 3, 2017 at 12:58 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: taking a holiday and not being able to process a disclosure of a new SubCA. Considering that the CCADB does not requi

Re: Grace Period for Sub-CA Disclosure

2017-04-03 Thread Jakob Bohm via dev-security-policy
On 01/04/2017 03:49, Ryan Sleevi wrote: On Fri, Mar 31, 2017 at 12:24 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: As previously stated, I think this will be too short if the issuance happens at a time when a non-CCADB root program (or the

Re: Researcher Says API Flaw Exposed Symantec Certificates, Including Private Keys

2017-03-31 Thread Jakob Bohm via dev-security-policy
On 31/03/2017 19:31, tarah.syman...@gmail.com wrote: On Friday, March 31, 2017 at 9:51:03 AM UTC-7, Jakob Bohm wrote: Dear Tarah, Below some friendly speculation as to what the parts that some bloggers claimed was included (if those claims were somehow true) might have been (i.e. where *you

Re: Criticism of Google Re: Google Trust Services roots

2017-03-31 Thread Jakob Bohm via dev-security-policy
On 30/03/2017 08:08, Gervase Markham wrote: On 29/03/17 20:42, Jakob Bohm wrote: That goal would be equally (in fact better) served by new market entrants getting cross-signed by incumbents, like Let's encrypt did. Google will be issuing from Google-branded intermediates under the ex

Re: Criticism of Google Re: Google Trust Services roots

2017-03-29 Thread Jakob Bohm via dev-security-policy
KI, manual checking remains relevant. On Wed, Mar 29, 2017 at 2:42 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: On 29/03/2017 16:47, Gervase Markham wrote: On 29/03/17 15:35, Peter Kurrasch wrote: In other words, what used to be a trust anchor

Re: Criticism of Google Re: Google Trust Services roots

2017-03-29 Thread Jakob Bohm via dev-security-policy
oogle-issued certificate while one would expect the opposite of anything hosted outside the Alphabet group. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and ma

Re: Next CA Communication

2017-03-28 Thread Jakob Bohm via dev-security-policy
On 28/03/2017 16:13, Ryan Sleevi wrote: On Tue, Mar 28, 2017 at 10:00 AM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: In principle any source of information could change just one minute later. A domain could be sold, a company could declare bank

Re: Next CA Communication

2017-03-28 Thread Jakob Bohm via dev-security-policy
registrations etc.), providing little reason to impose the inconvenience and cost of short certificate lifespans onto every ongoing business and every personal website on the planet. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark

Re: Grace Period for Sub-CA Disclosure

2017-03-28 Thread Jakob Bohm via dev-security-policy
, but would not have given Mozilla sufficient assurance it is using this ability in a policy compliant manner. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may

Re: Grace Period for Sub-CA Disclosure

2017-03-27 Thread Jakob Bohm via dev-security-policy
mailto:dev-security-policy-bounces+ben=digicert@lists.mozilla.org] On Behalf Of Jakob Bohm via dev-security-policy Sent: Monday, March 27, 2017 3:58 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Grace Period for Sub-CA Disclosure On 27/03/2017 23:41, Rob Stradling wrote: On 27/0

Re: Grace Period for Sub-CA Disclosure

2017-03-27 Thread Jakob Bohm via dev-security-policy
On 27/03/2017 23:41, Rob Stradling wrote: On 27/03/17 22:37, Jakob Bohm via dev-security-policy wrote: It should also be made a requirement that the issued SubCA certificate is provided to the CCADB and other root programs before providing it to the SubCA owner/operator, That'd be a bit

Re: Symantec: Next Steps

2017-03-24 Thread Jakob Bohm via dev-security-policy
On 24/03/2017 21:03, Jakob Bohm wrote: On 24/03/2017 19:08, Ryan Sleevi wrote: On Fri, Mar 24, 2017 at 1:30 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: Examples discussed in the past year in this group include the Taiwan GRCA roots and s

Re: Symantec: Next Steps

2017-03-24 Thread Jakob Bohm via dev-security-policy
On 24/03/2017 19:08, Ryan Sleevi wrote: On Fri, Mar 24, 2017 at 1:30 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: Examples discussed in the past year in this group include the Taiwan GRCA roots and several of the SubCAs hosted by Verizon

Re: Symantec: Next Steps

2017-03-24 Thread Jakob Bohm via dev-security-policy
On 24/03/2017 17:12, Peter Bowen wrote: On Fri, Mar 24, 2017 at 9:06 AM, Ryan Sleevi via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: (Wearing an individual hat) On Fri, Mar 24, 2017 at 10:35 AM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mo

Re: Symantec: Next Steps

2017-03-24 Thread Jakob Bohm via dev-security-policy
not outsource to a third party would in this case not be allowed to be "insourced" from the "CA operator" to the nominally responsible organization. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45

Re: Safely testing TLS in dev & test environments

2017-03-24 Thread Jakob Bohm via dev-security-policy
On 24/03/2017 05:54, Walter Goulet wrote: On Thursday, March 23, 2017 at 8:13:38 PM UTC-5, Jakob Bohm wrote: On 23/03/2017 22:59, Walter Goulet wrote: Hi all, This is not directly related to Mozilla policy, CA issues or really any of the normal discussions that I typically see in the group

Re: Safely testing TLS in dev & test environments

2017-03-23 Thread Jakob Bohm via dev-security-policy
it means to test applications/systems, most notably because of the use of reserved, test-only domains. But I'd be really interested in what others think. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10

Re: Notice of Intent to Deprecate and Remove: Trust in Symantec-issued Certificates

2017-03-23 Thread Jakob Bohm via dev-security-policy
On 23/03/2017 20:27, Ryan Sleevi wrote: On Thu, Mar 23, 2017 at 1:38 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: On 23/03/2017 17:09, Ryan Sleevi wrote: (Posting in a Google Capacity) I just wanted to notify the members of this Forum that w

Re: Notice of Intent to Deprecate and Remove: Trust in Symantec-issued Certificates

2017-03-23 Thread Jakob Bohm via dev-security-policy
nt their certificate. The computing world at large would be significantly inconvenienced if Symantec was forced to close down its CA business, in particular the parts of that business catering to other markets than general WebPki certificates. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. ht

Re: Next CA Communication

2017-03-21 Thread Jakob Bohm via dev-security-policy
audit. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded

Re: Google Trust Services roots

2017-03-09 Thread Jakob Bohm via dev-security-policy
rtificates not to match the current owner, those who are looking at certificate chains should not be relying on the value in the root certificate in the first place wrong in very significant situations. Ryan Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformerve

Re: Google Trust Services roots

2017-03-09 Thread Jakob Bohm via dev-security-policy
during the transition and the discussed inapplicability of some wording in the old Google CP/CPS to the new situation. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non

Re: Google Trust Services roots

2017-03-08 Thread Jakob Bohm via dev-security-policy
At least in one Mozilla-based browser, the UI shows the name of the Intermediary as a tooltip, not of the root. So OK for this case. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is

Re: Symantec: Next Steps

2017-03-08 Thread Jakob Bohm via dev-security-policy
On 08/03/2017 14:18, Ryan Sleevi wrote: On Wed, Mar 8, 2017 at 1:36 AM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: I am simply going by the wording in Gerv's posting not stating what you stated. I presume that if Gerv wanted to completely eliminate t

Re: Symantec: Next Steps

2017-03-07 Thread Jakob Bohm via dev-security-policy
On 08/03/2017 06:27, Ryan Sleevi wrote: On Tue, Mar 7, 2017 at 11:23 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: I saw nothing in Gerv's posting suggesting that banning all kinds of RA/DTP relationships was the intended effect. But would yo

Re: Symantec: Next Steps

2017-03-07 Thread Jakob Bohm via dev-security-policy
On 08/03/2017 04:21, Ryan Sleevi wrote: On Tue, Mar 7, 2017 at 8:08 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: I contradicted you in saying that RAs (or DTP as you now want to call them) were not supposed to be banned by the policy change.

Re: Symantec: Next Steps

2017-03-07 Thread Jakob Bohm via dev-security-policy
On 08/03/2017 01:40, Ryan Sleevi wrote: On Tue, Mar 7, 2017 at 6:26 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: On 07/03/2017 21:37, Ryan Sleevi wrote: To make it simpler, wouldn't be a Policy Proposal be to prohibit Delegated Third Partie

Re: Symantec: Next Steps

2017-03-07 Thread Jakob Bohm via dev-security-policy
ar RAs handle in-person verification steps for a small geographic area (such as schemes where each city hall handles checking photo ID of applicants as part of validation at better than EV level). Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860

Re: Google Trust Services roots

2017-03-07 Thread Jakob Bohm via dev-security-policy
emain valid, though no further such certificates were issued in this interim period. Similarly could Google and/or GTS issue a dedicated CP/CPS pair for the new roots during the brief period where Google (not GTS) had control of those new roots. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseM

Re: Incapsula via GlobalSign issued[ing] a certificate for non-existing domain (testslsslfeb20.me)

2017-03-02 Thread Jakob Bohm via dev-security-policy
dows command is "certutil -f -urlfetch -verify [certificatefile]", which other CAs' revoked and unrevoked certificates are working fine with. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This

Re: Intermediates Supporting Many EE Certs

2017-03-01 Thread Jakob Bohm via dev-security-policy
send) NiceCA-via-JoeRA-SSL-Regular-March-2017.cer (PEM format) X NiceCA-SHA256RSA-Root-2016.cer (PEM format) NiceCA-SHA256RSA-Root-2016-cross-by-UserFirst.cer (PEM format) X UserFirst-ancient-root.cer (PEM format) --- End example --- Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseM

Re: Intermediates Supporting Many EE Certs

2017-02-15 Thread Jakob Bohm via dev-security-policy
On 14/02/2017 22:03, Nick Lamb wrote: On Tuesday, 14 February 2017 17:55:18 UTC, Jakob Bohm wrote: Unfortunately, for these not-quite-web-server things (printers, routers etc.), automating use of the current ACME Let's encrypt protocol with or without hardcoding the Let's Encrypt URL is a non

Re: Intermediates Supporting Many EE Certs

2017-02-14 Thread Jakob Bohm via dev-security-policy
e tool/script for doing ACME in a semi-offline way that doesn't presume that the ACME client has any kind of direct control over the servers that will be configured with the certificates. Such a tool could be installed once by a site and then used to generate certs for the various "web-managed"

Re: Google Trust Services roots

2017-02-10 Thread Jakob Bohm via dev-security-policy
On 10/02/2017 16:34, Ryan Sleevi wrote: On Thu, Feb 9, 2017 at 11:40 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: For clarity, I was pointing out that GTS seems to have chosen a method likely to fail if and when actually needed, due to the t

Re: Google Trust Services roots

2017-02-09 Thread Jakob Bohm via dev-security-policy
On 10/02/2017 05:42, Ryan Sleevi wrote: On Thu, Feb 9, 2017 at 3:39 PM, Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org <mailto:dev-security-policy@lists.mozilla.org>> wrote: Additional issue #2: The information at https://pki.goog/ about how t

Re: Google Trust Services roots

2017-02-09 Thread Jakob Bohm via dev-security-policy
) tends to require reaction times measured in days/weeks rather than the 1 day maximum specified in Google's CPS. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding

Re: Policy 2.4 Proposal: Implement "proper" SHA-1 ban

2017-02-09 Thread Jakob Bohm via dev-security-policy
On 09/02/2017 18:20, Jakob Bohm wrote: On 09/02/2017 10:59, Gervase Markham wrote: On 08/02/17 11:25, Jakob Bohm wrote: My logic is that adding additional entropy to a serial number whose length is fully controlled by CA procedures can increase the mitigations against SHA-1 weaknesses

Re: Policy 2.4 Proposal: Implement "proper" SHA-1 ban

2017-02-09 Thread Jakob Bohm via dev-security-policy
On 09/02/2017 10:59, Gervase Markham wrote: On 08/02/17 11:25, Jakob Bohm wrote: My logic is that adding additional entropy to a serial number whose length is fully controlled by CA procedures can increase the mitigations against SHA-1 weaknesses. For example if the existing CA setup uses all

Re: Policy 2.4 Proposal: Implement "proper" SHA-1 ban

2017-02-07 Thread Jakob Bohm
On 07/02/2017 20:49, David E. Ross wrote: On 2/7/2017 11:15 AM, Jakob Bohm wrote: Root certificates previously withdrawn for this purpose are encouraged to report this fact to Mozilla by and to maintain valid entries in the CCADB for such roots, all for the benefit of organizations

Re: Policy 2.4 Proposal: Implement "proper" SHA-1 ban

2017-02-07 Thread Jakob Bohm
is purpose are encouraged to report this fact to Mozilla by and to maintain valid entries in the CCADB for such roots, all for the benefit of organizations that maintain or service software that are or interoperate with such older software. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A

Re: Issuer field in the CRL should be byte-for-byte equivalent with that in cert

2017-02-03 Thread Jakob Bohm
On 03/02/2017 14:30, Ryan Sleevi wrote: On Thu, Feb 2, 2017 at 9:37 PM Jakob Bohm <jb-mozi...@wisemo.com> wrote: On 03/02/2017 05:22, Ryan Sleevi wrote: On Thu, Feb 2, 2017 at 3:59 PM, Jakob Bohm <jb-mozi...@wisemo.com> wrote: On 02/02/2017 00:46, Kathleen Wilson wrote: All,

Re: Issuer field in the CRL should be byte-for-byte equivalent with that in cert

2017-02-02 Thread Jakob Bohm
On 03/02/2017 05:22, Ryan Sleevi wrote: On Thu, Feb 2, 2017 at 3:59 PM, Jakob Bohm <jb-mozi...@wisemo.com> wrote: On 02/02/2017 00:46, Kathleen Wilson wrote: All, I've added another Potentially Problematic Practice, as follows. https://wiki.mozilla.org/CA:Problematic_Pra

Re: Issuer field in the CRL should be byte-for-byte equivalent with that in cert

2017-02-02 Thread Jakob Bohm
, the CA must publish a list of the exact IssuerDN encodings used in such certificates. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain

Re: Appropriate role for lists of algorithms and key sizes

2017-01-30 Thread Jakob Bohm
On 28/01/2017 07:51, Peter Gutmann wrote: Jakob Bohm <jb-mozi...@wisemo.com> writes: DSA and ECDSA signatures are only secure if the hash algorithm is specified in the certificate, presumably as part of the AlgorithmIdentifier in the SubjectPublicKeyInfo. It's in the (badly-named) sig

Re: Policy 2.4 Proposal: Codify requirements relating to Common CA Database into the policy

2017-01-27 Thread Jakob Bohm
On 27/01/2017 10:06, Gervase Markham wrote: On 26/01/17 14:12, Jakob Bohm wrote: Given that Mozilla has been reducing the scope and generality of their root store over the past few years, I would suggest reaching out to those organizations that base their public root stores on the Mozilla store

Re: Misissued/Suspicious Symantec Certificates

2017-01-26 Thread Jakob Bohm
r. We revoked all reported certificates which were still valid that had not previously been revoked within the 24 hour CA/B Forum guideline - these certificates each had "O=test". Our investigation is continuing. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Tra

Re: Misissued/Suspicious Symantec Certificates

2017-01-26 Thread Jakob Bohm
o/dev-security-policy Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Managem

Re: Policy 2.4 Proposal: Codify requirements relating to Common CA Database into the policy

2017-01-26 Thread Jakob Bohm
org/sid/ca-certificates Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones an

Re: Policy 2.4 Proposal: Require full CP/CPS in English

2017-01-25 Thread Jakob Bohm
On 25/01/2017 09:40, okaphone.elektron...@gmail.com wrote: On Wednesday, 25 January 2017 08:25:41 UTC+1, Jakob Bohm wrote: Tiny nit: What if the original language of the CP/CPS is English. Then there can't be a "translation" etc. Mmmm... indeed. It actually says "The

Re: Incident Report – Certificates issued without proper domain validation

2017-01-19 Thread Jakob Bohm
On 20/01/2017 00:35, Nick Lamb wrote: On Thursday, 19 January 2017 20:20:24 UTC, Jakob Bohm wrote: Google's CT initiative in its current form has serious privacy problems for genuine certificate holders. I applaud any well-run CA that stands up to this attack on the Internet at large. I

Re: Incident Report – Certificates issued without proper domain validation

2017-01-19 Thread Jakob Bohm
. ...somebody has to lead by example and soon! Hopefully not you. Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management

Re: Policy 2.4 Proposal: Define how quickly audit reports must be provided

2017-01-18 Thread Jakob Bohm
On 18/01/2017 16:20, Gervase Markham wrote: On 17/01/17 23:27, Jakob Bohm wrote: Notes on the text in that branched section (other than the actual change discussed here): This parenthesis indicates none of these are in scope for this particular issue, just something that might be their own

Re: Policy 2.4 Proposal: Define how quickly audit reports must be provided

2017-01-17 Thread Jakob Bohm
On 18/01/2017 01:12, Nick Lamb wrote: On Tuesday, 17 January 2017 23:34:20 UTC, Jakob Bohm wrote: How about "_and versions and strong (>= 256 bits) hashes_", Frankly any _cryptographic_ hash should be adequate for this purpose. Even for the most creaky crypto hashes I can think

Re: Policy 2.4 Proposal: Define how quickly audit reports must be provided

2017-01-17 Thread Jakob Bohm
e no problem generating such hashes for the documents audited, and a future update of the Mozilla "CA community portal" might include a script that checks these hashes while archiving the CP/CPS documents. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transf

Re: Policy 2.4 Proposal: Define how quickly audit reports must be provided

2017-01-17 Thread Jakob Bohm
audit criteria for e-mail certificates as trusted by Mozilla Thunderbird. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo

Re: GoDaddy verification issue history appears incomplete: possible regression of bug in 2010

2017-01-17 Thread Jakob Bohm
of their issuance infrastructure, both testing that certificates are issued for domains they should be, and that they are not issued for domains that they should not be, under an adversarial threat model. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860

Re: Incident Report – Certificates issued without proper domain validation

2017-01-11 Thread Jakob Bohm
e (for non-certificate purposes) used to verify a url that just had to return a string that said "google-site-verification: URL" where URL was the file name part of the Url, this may or may not have been foolable. This was done per exact domain. Enjoy Jakob -- Jakob Bohm, CIO, Partner

Re: Firefox 50.1.0 still does not offer any secure SSL / TLS ciphers

2016-12-27 Thread Jakob Bohm
neric EC functions, it doesn't list curves that won't work in that particular context. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain error

Re: Policy 2.4 Proposal: Require open licensing of CPs and CPSes

2016-12-20 Thread Jakob Bohm
But it seems most objections have been ignored and the draconian rule instated. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may

Re: SHA256 for OCSP response issuer hashing

2016-12-16 Thread Jakob Bohm
On 16/12/2016 12:22, Hanno Böck wrote: On Fri, 16 Dec 2016 02:51:47 +0100 Jakob Bohm <jb-mozi...@wisemo.com> wrote: [Snip: Discussion of potential odd client bug] ... I wonder if Let's Encrypt ever issued SHA-1 certificates, and if any of those are non-expired. Almost certainly not.

Re: SHA256 for OCSP response issuer hashing

2016-12-16 Thread Jakob Bohm
to the edge of what the spec allows. I don't think it should be much of a cost to pregenerate responses for both forms of CertID (SHA-256 and SHA-1) and send the response matching the query what is asked. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29

Re: SHA256 for OCSP response issuer hashing

2016-12-15 Thread Jakob Bohm
-signing certificates, and the former have 3 month lifetime). Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service

Re: Policy 2.4 Proposal: Require open licensing of CPs and CPSes

2016-12-09 Thread Jakob Bohm
On 09/12/2016 00:48, David E. Ross wrote: On 12/8/2016 1:41 PM, Jakob Bohm wrote [in part]: It is in particular noted that these things are a lot less than what any of the regular CC licenses permit. For example, Mozilla has no reason to require that other CA operators be permitted to reuse

Re: Can we require id-kp-serverAuth now?

2016-12-09 Thread Jakob Bohm
Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Em

Re: Taiwan GRCA Root Renewal Request

2016-12-05 Thread Jakob Bohm
On 04/12/2016 06:00, capuchin...@gmail.com wrote: On Sunday, 4 December 2016 at 01:23:16 UTC+8, Jakob Bohm wrote: You have made a fundamental technical mistake. I do not understand why you said that we made a fundamental technical mistake. As I had participated in drafting RFC 5280, I am sure that our

Re: Taiwan GRCA Root Renewal Request

2016-12-03 Thread Jakob Bohm
riginal" and "2016 with original" certificates) should point to different CRL and OCSP URLs that are signed with SHA-256, but still reports all the old revoked SHA-1 certs. P.S. Be careful when revoking the "original with 2012" certificate, when GlobalSign recently did

Re: Technically Constrained Sub-CAs

2016-11-17 Thread Jakob Bohm
checks. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Em

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-11-17 Thread Jakob Bohm
not been posted yet, indicating that Mozilla will just have to put the inclusion request on hold until then. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-bindi

Re: Technically Constrained Sub-CAs

2016-11-17 Thread Jakob Bohm
On 17/11/2016 01:14, Matt Palmer wrote: On Wed, Nov 16, 2016 at 04:35:18PM +0100, Jakob Bohm wrote: Redacted CT records that tell the world that "there is this single certificate with this full TBS hash and these technical extensions issued to some name domain/e-mail under exampl

Re: Technically Constrained Sub-CAs

2016-11-16 Thread Jakob Bohm
On 16/11/2016 02:13, Nick Lamb wrote: On Tuesday, 15 November 2016 09:35:17 UTC, Jakob Bohm wrote: The HTTPS-everywhere tendency, including the plans of some people to completely remove unencrypted HTTP from implementations, makes it necessary for non-public stuff connected to the Internet

Re: Include Symantec-brand Class 1 and Class 2 Root Certs

2016-11-16 Thread Jakob Bohm
Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-11-15 Thread Jakob Bohm
t it's best for you to hire a professional translator. Since the CPS is very critical, I hope you understand what I said before. I don't want another WoSign incident to happen again. Note that he said most of these things already in his post dated Thu, 27 Oct 2016 03:21:53 -0700 (PDT) Enjoy Jakob -- Jako

Re: Technically Constrained Sub-CAs

2016-11-14 Thread Jakob Bohm
Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Em

Re: Proposal to define applicability of BRs and expectations of CAs

2016-11-10 Thread Jakob Bohm
of the transition away from SHA-1, those roots were usually cross signed by their already trusted SHA-1 roots). Perhaps a better text would be "1 and a half) The CA private key must not be used for any other CA or entity, but a CA may have more than one CA Certificate for that private key&

Re: Can we require id-kp-serverAuth now?

2016-11-09 Thread Jakob Bohm
-- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded

Re: Action on undisclosed intermediates

2016-11-08 Thread Jakob Bohm
On 08/11/2016 20:37, Gervase Markham wrote: On 08/11/16 19:11, Jakob Bohm wrote: However because all the sources are from a single entity (the UK government), that entity could manipulate the results, thus falsifying the provable randomness of the process. I think you are bikeshedding

Re: Mozilla CT Policy

2016-11-08 Thread Jakob Bohm
On 08/11/2016 20:51, Ryan Sleevi wrote: On Tue, Nov 8, 2016 at 11:24 AM, Jakob Bohm <jb-mozi...@wisemo.com> wrote: Diversity requirements are about reducing the likelihood of simultaneous coercion, as it can never be ruled out that some powerful organization already engaged in such things

Re: Mozilla CT Policy

2016-11-08 Thread Jakob Bohm
ckhanded tactics to subvert a log operator that is entirely outside its direct jurisdiction. History has taught us that such things do happen from time to time. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 1

Re: Action on undisclosed intermediates

2016-11-08 Thread Jakob Bohm
time, e.g. 12:00 noon UTC. P.S. I am aware of the current zero-difference between UK local time and UTC, but this was not so just 10 days ago. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 T

Re: Implementing a SHA-1 ban via Mozilla policy

2016-11-08 Thread Jakob Bohm
claiming that. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded

Re: Mozilla CT Policy

2016-11-04 Thread Jakob Bohm
On 04/11/2016 15:42, Hanno Böck wrote: On Fri, 4 Nov 2016 14:09:55 +0100 Jakob Bohm <jb-mozi...@wisemo.com> wrote: * How do we allow organization internal non-public CAs to not reveal their secret membership/server lists to public CT systems or otherwise run the (administra

Re: Cerificate Concern about Cloudflare's DNS

2016-11-04 Thread Jakob Bohm
made aware that the "service agreement" allowing the issuance has been terminated. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain err

Re: Cerificate Concern about Cloudflare's DNS

2016-11-03 Thread Jakob Bohm
was surprised when https://crt.sh/atom?q=crt.sh alerted me to https://crt.sh/?id=42619974 So I guess you haven't added your own domains (such as crt.sh) to the list of "high-value manual review" domains for your own certificate issuance processes? Enjoy Jakob -- Jakob Bohm, CI

Re: Cerificate Concern about Cloudflare's DNS

2016-11-02 Thread Jakob Bohm
On 02/11/2016 17:08, Peter Bowen wrote: On Wed, Nov 2, 2016 at 8:26 AM, Tom Ritter <t...@ritter.vg> wrote: On 2 November 2016 at 09:44, Jakob Bohm <jb-mozi...@wisemo.com> wrote: The only thing that might be a CA / BR issue would be this: There's been (some) mention that even if

Re: Cerificate Concern about Cloudflare's DNS

2016-11-02 Thread Jakob Bohm
robbery. Only that the CA operational principle in question might be the same. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo

Re: Remediation Plan for WoSign and StartCom

2016-10-22 Thread Jakob Bohm
On 22/10/2016 14:59, Ryan Sleevi wrote: On Saturday, October 22, 2016 at 5:11:29 AM UTC-7, Jakob Bohm wrote: Talking of codesigning, which root store does Chrome use to validate signatures on the PPAPI plug ins it is currently forcing developers to switch to? I've mentioned to you repeatedly

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-10-22 Thread Jakob Bohm
that were not published. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service

Re: Please avoid S/MIME signatures when posting to this group

2016-10-22 Thread Jakob Bohm
. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded

Re: Draft Email - Non-Disclosed SubCAs

2016-10-22 Thread Jakob Bohm
completed. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded

Re: Mozilla Root Store Elsewhere (Was Re: StartCom & Qihoo Incidents)

2016-10-22 Thread Jakob Bohm
just a technical level). Each of my examples above are examples of changes that could (and have apparently in the past) lead downstream stores astray without that tidbit of information. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg

Re: Globalsign accidental intermediate revocation incident

2016-10-22 Thread Jakob Bohm
On 18/10/2016 20:50, douglas.beat...@gmail.com wrote: On Monday, October 17, 2016 at 4:19:34 PM UTC-7, Jakob Bohm wrote: On 16/10/2016 09:59, Adrian R. wrote: Hello i read in the news (but not here on m.d.s.p) that a few days ago Globalsign revoked one of their intermediary roots and then un

Re: Remediation Plan for WoSign and StartCom

2016-10-22 Thread Jakob Bohm
date signatures on the PPAPI plug ins it is currently forcing developers to switch to? Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. Wi

Re: StartCom & Qihoo Incidents

2016-10-18 Thread Jakob Bohm
On 18/10/2016 14:35, Gervase Markham wrote: On 17/10/16 16:35, Jakob Bohm wrote: In the not so distant past, the Mozilla root program was much more useful due to different behavior: 1. Mozilla managed the root program based on an assumption that relying parties would use the common standard

Re: StartCom & Qihoo Incidents

2016-10-17 Thread Jakob Bohm
On 18/10/2016 01:22, Kurt Roeckx wrote: On Tue, Oct 18, 2016 at 12:39:42AM +0200, Kurt Roeckx wrote: On Tue, Oct 18, 2016 at 12:22:21AM +0200, Jakob Bohm wrote: Over the past few years, this has caused the Mozilla root list to become less and less useful for the rest of the open source world

Re: Globalsign accidental intermediate revocation incident

2016-10-17 Thread Jakob Bohm
and if so, which one. 5. If this was e-mailed to all potentially affected certificate holders, or just dumped in some public forums which certificate holders might not see in time to take necessary action. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transfo

Re: StartCom & Qihoo Incidents

2016-10-17 Thread Jakob Bohm
On 18/10/2016 00:39, Kurt Roeckx wrote: On Tue, Oct 18, 2016 at 12:22:21AM +0200, Jakob Bohm wrote: Over the past few years, this has caused the Mozilla root list to become less and less useful for the rest of the open source world, a fact which at least some of the Mozilla-root-list-copying

Re: WoSign: updated report and discussion

2016-10-13 Thread Jakob Bohm
the Qihoo 360 HQ vault, is this the HSM for the StartCOM CA root, and/or the HSM for the Intermediary certificates? Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is n

Re: WoSign: updated report and discussion

2016-10-12 Thread Jakob Bohm
to ensure that Richard Wang or his underlings have not used that key in ways not logged in the log files and databases now controlled by the new StartCOM? Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10

Re: WoSign: updated report and discussion

2016-10-07 Thread Jakob Bohm
of income while keeping up significant operational costs just for the hope of maybe getting readmitted. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding

Re: Include Symantec-brand Class 1 and Class 2 Root Certs

2016-10-07 Thread Jakob Bohm
that might be distrusted, disclosure of e-mail only cross signatures and e-mail only subCAs still need to be disclosed in order to maintain root program integrity. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 T
