Re: Indicators for high-security features

2014-09-17 Thread sjw
Hi, I would support your idea, but it's quite hard to implement. If a server uses TLS 1.2 and HSTS, you still don't know if the connection is really secure. But it would be easier if Firefox would show more details about protocol, ciphers etc. On 17.09.2014 at 17:20, Richard Barnes wrote:

FOITT no longer supports OCSP

2015-02-05 Thread sjw
Hi all, A few weeks ago, I got some mails about a broken iframe. The secure connection to the remote server failed (OCSP error). The site was signed by Swiss Government SSL CA 01. I contacted the technical support and they told me that the Federal Office of Information Technology, Systems and

Re: FOITT no longer supports OCSP

2015-02-08 Thread sjw
Thank you! Please inform me if you were successful. Regards, Jonas On 06.02.2015 at 16:43, Medin, Steven wrote: I will contact the Swiss BIT and discuss. Kind regards, Steven Medin Product Manager, Identity and Access Management Verizon Enterprise Solutions

Re: Policy Update: section 8 of Maintenance Policy

2015-11-05 Thread sjw
I would like to see SHA-3 signatures and Ed25519/curve25519 ASAP. The latter one is not that far away [1]. Maybe it's the right time to consider them? [1] https://bugzilla.mozilla.org/show_bug.cgi?id=957105 On 05.11.2015 at 19:46, Kathleen Wilson wrote: > The next two topics to discuss [1] have

Re: Firefox security too strict (HSTS?)?

2015-09-16 Thread sjw
Yes, some hosts are pinned: https://dxr.mozilla.org/mozilla-central/source/security/manager/tools/PreloadedHPKPins.json MITM is *always* bad and breaks the web. Modern browsers, especially Firefox, have great features to protect the users and this is something good. I'm pretty sure your students

Re: What is the dates planned for the SHA-1 Deprecation Plan for Firefox

2016-06-21 Thread sjw
Hi, As far as I know we have the following status: > Add a security warning to the Web Console to remind developers that they should not be using SHA-1 based certificates Has already been fixed. But currently SHA-1 is only exposed in the console, not on the lock icon so far. > Show the

StartCom (false) vulnerability report

2016-03-23 Thread sjw
JFYI: https://oalmanna.blogspot.com/2016/03/startssl-domain-validation.html https://startssl.com/NewsDetails?date=20160322 https://startssl.com/NewsDetails?date=20160323 Regards, Jonas

Re: Incidents involving the CA WoSign

2016-08-24 Thread sjw
Of course, adding the affected certs to OneCRL should be done immediately. WoSign also has to be transparent about all (mis)issued certs in the past and has to provide this info in the future. If they can't, I think we may consider if the current certs that are valid for 3 years should be

Re: Comodo issued a certificate for an extension

2016-09-23 Thread sjw
The affected cert has been logged here: https://crt.sh/?id=34242572 On 24.09.2016 at 02:33, Richard Wang wrote: > First, I must make a declaration that I don't know "Showfom", and I don't know > if he/she is a WoSign customer. > > As I said in my final statement, I wish all Mozilla trusted

Re: Is Firefox SHA-1 Deprecation Policy configurable?

2016-09-17 Thread sjw
I think that's the security.pki.sha1_enforcement_level pref [1][2]. Regards, Jonas [1] https://bugzilla.mozilla.org/show_bug.cgi?id=942515#c35 [2] https://blog.mozilla.org/security/2016/01/06/man-in-the-middle-interfering-with-increased-security/ On 16.09.2016 at 16:53 wrote

Re: Apple's Further Steps for WoSign

2016-12-13 Thread sjw
Hi, Does this also affect the root CA of StartCom Class 4 (EV) and Class 3 (OV) certs? Regards, Jonas On 30.11.2016 at 21:32, certificate-authority-prog...@group.apple.com wrote: > We are taking further actions to protect users in an upcoming security > update. Apple products will block

Google OCSP service down

2018-01-21 Thread sjw--- via dev-security-policy
Hi, Google delivers the certificate [1] to me, for *.google.com, *.youtube.com and other major services. However, the OCSP service [2] does not work for me. I verified this from multiple locations, machines, OSes and versions of Firefox. Furthermore, I used SSL Labs [3] and the status on crt.sh

Re: Google OCSP service down

2018-01-21 Thread sjw--- via dev-security-policy
Hi, Thanks for investigating. First of all, my previous curl command is not suitable to verify an OCSP status. It only works for OCSP stapling, which is not supported by Google servers. You may use openssl ocsp instead: openssl ocsp -issuer [GoogleInternetAuthorityG2.crt] -cert [googlecom.crt]

CRL/OCSP on IPv6-only networks

2020-02-28 Thread sjw--- via dev-security-policy
Hi, While I was connected to an IPv6-only network I noticed that some CAs (e.g. Amazon, DigiCert, GoDaddy, QuoVadis) do not provide IPv6 on their CRL and OCSP endpoints. This means that certificate revocation does not work if you have no IPv6 or, depending on your security policy (e.g. require