RE: DigiCert .onion certificates without Tor Service Descriptor Hash extension

2018-03-22 Thread Jeremy Rowley via dev-security-policy
2018 9:31 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: DigiCert .onion certificates without Tor Service Descriptor Hash extension On 21 Mar 2018 17:58, Wayne Thayer via dev-security-policy <dev-security-policy@lists.mozilla.org <mailto:dev-security-policy@lists

Re: DigiCert .onion certificates without Tor Service Descriptor Hash extension

2018-03-22 Thread Nick Lamb via dev-security-policy
On 21 Mar 2018 17:58, Wayne Thayer via dev-security-policy wrote: 7. List of steps your CA is taking to resolve the situation and ensure such issuance will not be repeated in the future, accompanied with a timeline of when your CA expects to accomplish

Re: DigiCert .onion certificates without Tor Service Descriptor Hash extension

2018-03-21 Thread Wayne Thayer via dev-security-policy
t.com> > Cc: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: DigiCert .onion certificates without Tor Service Descriptor > Hash > extension > > Thanks, Jeremy. > > I also found a certificate [1] with both 16-character.onion and > 56-character.onion address

RE: DigiCert .onion certificates without Tor Service Descriptor Hash extension

2018-03-19 Thread Jeremy Rowley via dev-security-policy
.mozilla.org Subject: Re: DigiCert .onion certificates without Tor Service Descriptor Hash extension Thanks, Jeremy. I also found a certificate [1] with both 16-character.onion and 56-character.onion addresses [2] listed in the SAN. The v3 address is not included in the 2.23.140.1.31 extension,

Re: DigiCert .onion certificates without Tor Service Descriptor Hash extension

2018-03-12 Thread Alex Cohn via dev-security-policy
> > Jeremy > > -Original Message- > From: dev-security-policy > <dev-security-policy-bounces+jeremy.rowley=digicert@lists.mozilla.org> > On Behalf Of Alex Cohn via dev-security-policy > Sent: Sunday, March 11, 2018 9:37 PM > To: dev-security-policy@list

RE: DigiCert .onion certificates without Tor Service Descriptor Hash extension

2018-03-12 Thread Jeremy Rowley via dev-security-policy
policy Sent: Sunday, March 11, 2018 9:37 PM To: dev-security-policy@lists.mozilla.org Subject: DigiCert .onion certificates without Tor Service Descriptor Hash extension In the EV Guidelines [1], Appendix F states "The CA MUST include the CAB Forum Tor Service Descriptor Has

DigiCert .onion certificates without Tor Service Descriptor Hash extension

2018-03-11 Thread Alex Cohn via dev-security-policy
In the EV Guidelines [1], Appendix F states "The CA MUST include the CAB Forum Tor Service Descriptor Hash extension in the TBSCertificate convey hashes of keys related to .onion addresses." This language was added in Ballot 201 [2], which had an effective date of 8 July 2017. The following