Re: Apple: Non-Compliant Serial Numbers

2019-05-03 Thread certification_authority--- via dev-security-policy
On May 3, Apple submitted an update to the original incident report (https://bugzilla.mozilla.org/show_bug.cgi?id=1533655), which is reposted below. Most certificates have been revoked and less than 1% of the total population of

Re: Apple: Non-Compliant Serial Numbers

2019-04-07 Thread certification_authority--- via dev-security-policy
On April 6, Apple submitted an update to the original incident report (https://bugzilla.mozilla.org/show_bug.cgi?id=1533655), which is reposted below. Over 10,000 additional certificates have been revoked since our last update. In

Re: Apple: Non-Compliant Serial Numbers

2019-04-06 Thread certification_authority--- via dev-security-policy
On Monday, April 1, 2019 at 5:21:14 AM UTC-6, Jakob Bohm wrote: [Apple Responses] ___ > For the benefit of the community (including possible future creation of > policies for mass revocation scenarios), could

Re: Apple: Non-Compliant Serial Numbers

2019-04-05 Thread certification_authority--- via dev-security-policy
> 1. How many of the 54,583 certificates are issued to Apple owned and > operated servers and services and how many not. All impacted certificates were issued to Apple entities > 2. What kinds of practical issues are delaying the replacement of > certificates on any such Apple operated

Re: Apple: Non-Compliant Serial Numbers

2019-04-01 Thread Jakob Bohm via dev-security-policy
On 30/03/2019 22:16, certification_author...@apple.com wrote: > On March 30, Apple submitted an update to the original incident report > (https://bugzilla.mozilla.org/show_bug.cgi?id=1533655), which is reposted > below. >

Re: Apple: Non-Compliant Serial Numbers

2019-03-30 Thread certification_authority--- via dev-security-policy
On March 30, Apple submitted an update to the original incident report (https://bugzilla.mozilla.org/show_bug.cgi?id=1533655), which is reposted below. ___ We've been working our plan to revoke impacted

Re: Apple: Non-Compliant Serial Numbers

2019-03-23 Thread certification_authority--- via dev-security-policy
On March 22, Apple submitted an update to the original incident report (https://bugzilla.mozilla.org/show_bug.cgi?id=1533655), which is reposted below. Over 115,000 additional certificates have been revoked since our last update leaving less than 10% of the total population of impacted

Re: Apple: Non-Compliant Serial Numbers

2019-03-12 Thread certification_authority--- via dev-security-policy
wser Forum Ballot 164 (https://cabforum.org/pipermail/public/2016-June/007861.html) [3] Mozilla Root Store Policy, version 2.4, section Maintaining Confidence in Included Root Certificates, number 7 (https://wiki.mozilla.org/CA/Root_Store_Policy_Archive) [4] DigiCert: Apple: Non-compliant Se

Re: Apple: Non-Compliant Serial Numbers

2019-03-12 Thread certification_authority--- via dev-security-policy
html) [3] Mozilla Root Store Policy, version 2.4, section Maintaining Confidence in Included Root Certificates, number 7 (https://wiki.mozilla.org/CA/Root_Store_Policy_Archive) [4] DigiCert: Apple: Non-compliant Serial Numbers Mozilla Bug Report (https://bugzilla.mozilla.org/show_bug.cgi?id=153

Apple: Non-Compliant Serial Numbers

2019-03-08 Thread certification_authority--- via dev-security-policy
Yesterday, Apple submitted this preliminary incident report: https://bugzilla.mozilla.org/show_bug.cgi?id=1533655, which is reposted below. On 2019-03-06 we determined that we were issuing certificates with non-compliant serial numbers because of the EJBCA issue [1]. We fixed the problem