On Wednesday, July 8, 2020 at 6:02:56 AM UTC+3, Ryan Sleevi wrote:
> The question is simply whether or not user agents will accept the risk of
> needing to remove the root suddenly, and with significant (e.g. active)
> attack, or whether they would, as I suggest, take steps to remove the root
>
On Wednesday, 8 July 2020 05:02:56 UTC+2, Ryan Sleevi wrote:
> On Tue, Jul 7, 2020 at 10:36 PM Matt Palmer via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > On Mon, Jul 06, 2020 at 10:53:50AM -0700, zxzxzx9--- via
> > dev-security-policy wrote:
> > > Can't the
Mr. zxzxzx9,
The "real" risk, which is illustrated through an adversary,
vulnerability, impact probability, risk mitigation strategy and the
residual risk doesn't matter. Hence it is not discussed. I've yet to see a
comprehensive risk assessment on this matter.
The primary reason there is
On Fri, Jul 10, 2020 at 12:01 PM ccampetto--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Wouldn't it be enough to check that OCSP responses are signed with a
> certificate which presents the (mandatory, by BR) id-pkix-ocsp-nocheck?
> I've not checked, but I don't think
Yes, that's right.
On Fri, Jul 10, 2020 at 12:11 PM Doug Beattie
wrote:
> Ben,
>
> For the avoidance of doubt, I assume this means Sept 1, 00:00 UTC.
>
>
> -Original Message-
> From: dev-security-policy
> On
> Behalf Of Ben Wilson via dev-security-policy
> Sent: Friday, July 10, 2020
Some people have asked whether two-year certificates existing on August 31
would remain valid. The answer is yes. Those certificates will remain
valid until they expire. The change only applies to certificates issued on
or after Sept. 1, 2020.
Ben,
For the avoidance of doubt, I assume this means Sept 1, 00:00 UTC.
-Original Message-
From: dev-security-policy On
Behalf Of Ben Wilson via dev-security-policy
Sent: Friday, July 10, 2020 12:49 PM
To: mozilla-dev-security-policy
Subject: Re: New Blog Post on 398-Day Certificate
On Fri, Jul 10, 2020 at 10:48:39AM -0600, Ben Wilson via dev-security-policy
wrote:
> Some people have asked whether two-year certificates existing on August 31
> would remain valid. The answer is yes. Those certificates will remain
> valid until they expire. The change only applies to
This is a request to EV-enable the IdenTrust Commercial Root CA 1, as
documented here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1551703
* Summary of Information Gathered and Verified:
https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=0417
* SHA2 hash for Root