Firefox Mobile - Which Trust Store?

2017-11-27 Thread Myers, Kenneth (10421) via dev-security-policy
Does Firefox mobile use the NSS trust store? I can't find any information, but it seems most mobile browsers use the OS trust store. Kenneth Myers Manager Protiviti | 1640 King Street | Suite #400 | Alexandria | VA 22314 US | Protiviti.com NOTICE: Protiviti is a

Re: Certificate with invalid dnsName issued from Baltimore

2017-07-20 Thread Myers, Kenneth (10421) via dev-security-policy
I've contacted the DHS PKI PMO and informed the DoD PKI PMO of the mis-issued certificates. Kenneth Myers Supporting the GSA Federal PKI Management Authority

Re: Symantec Response L

2017-04-19 Thread Myers, Kenneth (10421) via dev-security-policy
IdenTrust operates an issuing CA for the US Federal Government - General Services Administration - Access Certificates for Electronic Services Program (ACES). It is a government sponsored PKI program separate from the Non-Federal issuer programs under the Federal Bridge. ACES certificates are

Re: Symantec Response L

2017-04-13 Thread Myers, Kenneth (10421) via dev-security-policy
I don't know if it was mentioned elsewhere but Symantec had an MOA with the Federal PKI which required cross-certificates. If Symantec revoked it, the MOA would also have been violated which would have severed the trust with the Federal PKI and Symantec customers. To the particular IdenTrust

Re: Let's Encrypt Blocklist Incident, November 21 2016

2016-11-23 Thread Myers, Kenneth (10421)
This is one of the issues with a WebTrust audit in that WebTrust Auditors may not look at a CP/CPS depending on the management assertion. The trust in PKI is based on documented procedures so to not operate against a CP/CPS degrades the trust in PKI. The US Federal PKI have run into a similar

Re: SHA-1 Phase-out

2016-11-21 Thread Myers, Kenneth (10421)
Hi Gerv, I've been trying to stay on top of the SHA-1 phase-out discussion but lost track. Where did it leave off? I think I saw something of doing a ban at the browser level to not trust the SHA-1 algorithm. Is this possible? Kenneth Myers

Re: Audit requirements

2016-09-27 Thread Myers, Kenneth (10421)
I think it has also been discussed of the consistency between WebTrust auditors. The WebTrust for CA use of criteria and illustrative controls may leave too much room for interpretation by an auditor. There is also the potential gap between the WebTrust licensed firm and the individual auditors

Re: [FORGED] Re: Incidents involving the CA WoSign

2016-09-06 Thread Myers, Kenneth (10421)
There could be multiple reasons for xcerts from internal policies to controlled trust stores. It depends on the root and the company. Part of the reason the FPKI has xcerts is for both those reasons. Companies may only want to use their root. They may not want to rely on the trust bundle

FW: Intermediate certificate disclosure deadline in 2 weeks

2016-06-28 Thread Myers, Kenneth (10421)
stradl...@comodo.com] Sent: Monday, June 27, 2016 09:01 To: Myers, Kenneth (10421) <kenneth.my...@protiviti.com>; dev-security-policy@lists.mozilla.org Subject: Re: Intermediate certificate disclosure deadline in 2 weeks On 27/06/16 12:13, Myers, Kenneth (10421) wrote: > The Federal PKI has a tool t