Re: Compromised certificate that the owner didn't wish to revoke (signed by GeoTrust)

2016-09-14 Thread Jakob Bohm
On 14/09/2016 16:11, Kyle Hamilton wrote: On 9/12/2016 20:20, Jakob Bohm wrote: On 13/09/2016 03:03, Kyle Hamilton wrote: I would prefer not to see a securelogin-.arubanetworks.com name, because such makes it look like Aruba Networks is operating the captive portal. If (for

Re: Compromised certificate that the owner didn't wish to revoke (signed by GeoTrust)

2016-09-14 Thread Kyle Hamilton
On 9/12/2016 20:20, Jakob Bohm wrote: > On 13/09/2016 03:03, Kyle Hamilton wrote: >> I would prefer not to see a securelogin-.arubanetworks.com >> name, because such makes it look like Aruba Networks is operating the >> captive portal. If (for whatever reason) the system is

Re: Compromised certificate that the owner didn't wish to revoke (signed by GeoTrust)

2016-09-12 Thread Jakob Bohm
On 13/09/2016 03:03, Kyle Hamilton wrote: I would prefer not to see a securelogin-.arubanetworks.com name, because such makes it look like Aruba Networks is operating the captive portal. If (for whatever reason) the system is compromised, or the login process is altered, or there's

Re: Compromised certificate that the owner didn't wish to revoke (signed by GeoTrust)

2016-09-12 Thread Kyle Hamilton
I would prefer not to see a securelogin-.arubanetworks.com name, because such makes it look like Aruba Networks is operating the captive portal. If (for whatever reason) the system is compromised, or the login process is altered, or there's a need to enter credit card information [I

Re: Compromised certificate that the owner didn't wish to revoke (signed by GeoTrust)

2016-09-08 Thread Jernej Simončič
On Wed, 7 Sep 2016 03:55:02 -0700 (PDT), Nick Lamb wrote: > If you DIY, the rate limits obviously aren't a problem, and lots of DIY > devices have Let's Encrypt issued certificates today. Home "routers" built > out of a Raspberry Pi or a Mini PC are fairly popular with hobbyists. So rate >

RE: Compromised certificate that the owner didn't wish to revoke (signed by GeoTrust)

2016-09-07 Thread Steve Medin
This certificate was just revoked. Kyle, thanks for bringing this to our attention - we were able to start work once you posted here at m.d.s.policy. Kind regards, Steven Medin PKI Policy Manager, Symantec Corporation -Original Message- From: dev-security-policy

Re: Compromised certificate that the owner didn't wish to revoke (signed by GeoTrust)

2016-09-07 Thread Nick Lamb
Responding to the scenario Jakob described which I agree is likely in outline Let's Encrypt has seen a number of enquiries about relaxing their rate limits or granting some sort of exception so that firmware OEMs can use Let's Encrypt to have their devices self-issue using ACME from a name pool

Re: Compromised certificate that the owner didn't wish to revoke (signed by GeoTrust)

2016-09-07 Thread Jakob Bohm
Given the specific name in those certificates, and the place where the private key was seen, I would guess the actual use case is this: Each router (presumably a SOHO router) contains a DNS server that responds with its own internal RFC1918 IP address for the name securelogin.arubanetworks.com

Re: Compromised certificate that the owner didn't wish to revoke (signed by GeoTrust)

2016-09-06 Thread Jeremy Rowley
BRs require revocation within 24 hours of notice. It's a terrible timeline but one the browsers have strictly enforced for even widespread deployments. > On Sep 6, 2016, at 4:30 PM, Steve Medin wrote: > > We have become aware of this certificate and its key

RE: Compromised certificate that the owner didn't wish to revoke (signed by GeoTrust)

2016-09-06 Thread Steve Medin
We have become aware of this certificate and its key compromise, thank you for this information. We are contacting the owner to understand impact to the deployed devices, but with clear intent to revoke. We will provide updates while we make progress. Kind regards, Steven Medin PKI Policy

Re: Compromised certificate that the owner didn't wish to revoke (signed by GeoTrust)

2016-09-06 Thread Gervase Markham
On 06/09/16 18:25, Kyle Hamilton wrote: > Aruba chose not to notify GeoTrust that it needed to be revoked due to > compromised private key. I am notifying because I believe it violates > the Basic Requirements for someone other than the identified subject to > possess the private key for a

Compromised certificate that the owner didn't wish to revoke (signed by GeoTrust)

2016-09-06 Thread Kyle Hamilton
As far as I know, GeoTrust is not at fault here. They just signed this (domain validated) certificate, and I don't know if they've been notified of it before. That said, I don't have GeoTrust's contact info, and I'm presuming that someone here does. Information here comes from