Re: Summary of Camerfirma's Compliance Issues

2021-01-22 Thread Watson Ladd via dev-security-policy
On Friday, January 22, 2021 at 10:01:22 AM UTC-8, Ramiro Muñoz wrote: > On Wednesday, January 20, 2021 at 5:04:27 UTC+1, Matt Palmer wrote: > > On Tue, Jan 19, 2021 at 07:28:17AM -0800, Ramiro Muñoz via > > dev-security-policy wrote: > > > Camerfirma is not the member with the highest

Re: Summary of Camerfirma's Compliance Issues

2021-01-22 Thread Claves Nostrum via dev-security-policy
One issue that really stands out for me is "Issue NN: Incorrect OCSP Delegated Responder Certificate (2013 - 2020)". Despite detailed public discussion on the risk and remedial actions (including what would properly demonstrate destruction of the affected CA keys through e.g. ISAE3000

Re: Summary of Camerfirma's Compliance Issues

2021-01-22 Thread Ramiro Muñoz via dev-security-policy
On Wednesday, January 20, 2021 at 2:07:31 UTC+1, Paul Kehrer wrote: > On Tue, Jan 19, 2021 at 6:37 PM Jonathan Rudenberg via > dev-security-policy wrote: > > > > On Tue, Jan 19, 2021, at 12:01, Andrew Ayer via dev-security-policy wrote: > > > Camerfirma was warned in 2018 that trust

Re: Summary of Camerfirma's Compliance Issues

2021-01-22 Thread Ramiro Muñoz via dev-security-policy
On Tuesday, January 19, 2021 at 18:01:49 UTC+1, Andrew Ayer wrote: > On Sun, 17 Jan 2021 00:51:29 -0800 (PST) > Ramiro Muñoz via dev-security-policy > wrote: > > > Some certificates may have been syntactically > > incorrect due to misinterpretation, but we have never compromised any

Re: Summary of Camerfirma's Compliance Issues

2021-01-22 Thread Ramiro Muñoz via dev-security-policy
On Friday, January 22, 2021 at 2:31:00 UTC+1, Filippo Valsorda wrote: > 2021-01-19 18:01 GMT+01:00 Andrew Ayer via dev-security-policy > : > > It's troubling that even at this stage, Camerfirma still doesn't seem > > to grasp the seriousness of their compliance problems. Today, > >

Re: Summary of Camerfirma's Compliance Issues

2021-01-22 Thread Ramiro Muñoz via dev-security-policy
On Wednesday, January 20, 2021 at 5:04:27 UTC+1, Matt Palmer wrote: > On Tue, Jan 19, 2021 at 07:28:17AM -0800, Ramiro Muñoz via > dev-security-policy wrote: > > Camerfirma is not the member with the highest number of > > incidents nor the member with the most severe ones. > No, but

CCADB Update: Extended ALV to EV SSL Audits on Intermediate Certs

2021-01-22 Thread Kathleen Wilson via dev-security-policy
CAs, There are a couple updates to the CCADB that I would like to bring to your attention. 1) Added 'CCADB Release Notes' link to the CA home page. It links to: https://docs.google.com/document/d/1yMLYQFNH2JnOixVsByC99uoQd8fFfZcKlKBu-vgy3CU/edit#heading=h.6p4mru6ujyvl 2) Extended automated