Apple's response to the WoSign incidents

2016-10-01 Thread certificate-authority-prog...@group.apple.com
Blocking Trust for WoSign CA Free SSL Certificate G2 Certificate Authority WoSign experienced multiple control failures in their certificate issuance processes for the WoSign CA Free SSL Certificate G2 intermediate CA. Although no WoSign root is in the list of Apple trusted roots, this

Apple's response to the WoSign incidents

2016-10-01 Thread ramriot
Do you have a link to that process and is it automated. Reason is I have a few hundred startSSL certs that my clients rely on. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org

Re: Apple's response to the WoSign incidents

2016-10-01 Thread Peter Bowen
On Sat, Oct 1, 2016 at 6:40 AM, wrote: > Do you have a link to that process and is it automated. Reason is I have a > few hundred startSSL certs that my clients rely on. I can't speak for the specific process Apple is using, but in general you can use https://crt.sh/ or

Re: Apple's response to the WoSign incidents

2016-10-01 Thread Kurt Roeckx
On Sat, Oct 01, 2016 at 11:35:06AM -0700, Percy wrote: > "Apple products will trust individual existing certificates issued from this > intermediate CA and published to public Certificate Transparency log servers > by 2016-09-19" > > It seems that Apple has taken the explicit white-listed

Re: Apple's response to the WoSign incidents

2016-10-01 Thread Eric Mill
On Sat, Oct 1, 2016 at 6:40 AM, wrote: > Do you have a link to that process and is it automated. Reason is I have a > few hundred startSSL certs that my clients rely on. > Apple's statement was limited specifically to WoSign. StartSSL certificates won't be affected, though

Re: WoSign and StartCom

2016-10-01 Thread Erwann Abalea
Bonjour, Le samedi 1 octobre 2016 11:02:21 UTC+2, Stefan Paletta a écrit : [...] > I have one question about the proposal: what is the rationale and > justification for the one-year minimum distrust? While this seems quite > reasonable at first glance, my thinking is this: clearly, the proposed

Re: Apple's response to the WoSign incidents

2016-10-01 Thread Percy
"Apple products will trust individual existing certificates issued from this intermediate CA and published to public Certificate Transparency log servers by 2016-09-19" It seems that Apple has taken the explicit white-listed approach despite the size drawback mentioned in the other thread. I