On 14/09/2016 16:11, Kyle Hamilton wrote:
On 9/12/2016 20:20, Jakob Bohm wrote:
On 13/09/2016 03:03, Kyle Hamilton wrote:
I would prefer not to see a securelogin-.arubanetworks.com
name, because such makes it look like Aruba Networks is operating the
captive portal. If (for
On 9/12/2016 20:20, Jakob Bohm wrote:
> On 13/09/2016 03:03, Kyle Hamilton wrote:
>> I would prefer not to see a securelogin-.arubanetworks.com
>> name, because such makes it look like Aruba Networks is operating the
>> captive portal. If (for whatever reason) the system is
On 13/09/2016 03:03, Kyle Hamilton wrote:
I would prefer not to see a securelogin-.arubanetworks.com
name, because such makes it look like Aruba Networks is operating the
captive portal. If (for whatever reason) the system is compromised, or
the login process is altered, or there's
I would prefer not to see a securelogin-.arubanetworks.com
name, because such makes it look like Aruba Networks is operating the
captive portal. If (for whatever reason) the system is compromised, or
the login process is altered, or there's a need to enter credit card
information [I
On Wed, 7 Sep 2016 03:55:02 -0700 (PDT), Nick Lamb wrote:
> If you DIY, the rate limits obviously aren't a problem, and lots of DIY
> devices have Let's Encrypt issued certificates today. Home "routers" built
> out of a Raspberry Pi or a Mini PC are fairly popular with hobbyists. So rate
>
This certificate was just revoked. Kyle, thanks for bringing this to our
attention - we were able to start work once you posted here at m.d.s.policy.
Kind regards,
Steven Medin
PKI Policy Manager, Symantec Corporation
-Original Message-
From: dev-security-policy
Responding to the scenario Jakob described which I agree is likely in outline
Let's Encrypt has seen a number of enquiries about relaxing their rate limits
or granting some sort of exception so that firmware OEMs can use Let's Encrypt
to have their devices self-issue using ACME from a name pool
Given the specific name in those certificates, and the place where the
private key was seen, I would guess the actual use case is this:
Each router (presumably a SOHO router) contains a DNS server that
responds with its own internal RFC1918 IP address for the name
securelogin.arubanetworks.com
BRs require revocation within 24 hours of notice. It's a terrible timeline but
one the browsers have strictly enforced for even wide spread deployments.
> On Sep 6, 2016, at 4:30 PM, Steve Medin wrote:
>
> We have become aware of this certificate and its key
We have become aware of this certificate and its key compromise, thank you
for this information. We are contacting the owner to understand impact to
the deployed devices, but with clear intent to revoke. We will provide
updates while we make progress.
Kind regards,
Steven Medin
PKI Policy
On 06/09/16 18:25, Kyle Hamilton wrote:
> Aruba chose not to notify GeoTrust that it needed to be revoked due to
> compromised private key. I am notifying because I believe it violates
> the Basic Requirements for someone other than the identified subject to
> possess the private key for a
11 matches
Mail list logo