Re: Mozilla cert report - am I holding it wrong?

2019-04-09 Thread Clint Wilson via dev-security-policy
On Tuesday, April 9, 2019 at 12:08:16 PM UTC-6, Ryan Sleevi wrote: > On Tue, Apr 9, 2019 at 11:25 AM Nick Lamb via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > Mozilla's wiki has a page about the subCAs > > > > https://wiki.mozilla.org/CA/Intermediate_Certificates >

Re: DigiCert OCSP services returns 1 byte

2019-09-24 Thread Clint Wilson via dev-security-policy
On Mon, Sep 23, 2019 at 6:29 PM Ryan Sleevi via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Mon, Sep 23, 2019 at 11:53 PM Andy Warner via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > The practice of revoking non-issued certificates would

Re: DigiCert OCSP services returns 1 byte

2019-09-24 Thread Clint Wilson via dev-security-policy
On Tue, Sep 24, 2019 at 5:06 AM Ryan Sleevi wrote: > > > On Tue, Sep 24, 2019 at 2:36 AM Clint Wilson wrote: > >> On Mon, Sep 23, 2019 at 6:29 PM Ryan Sleevi via dev-security-policy < >> dev-security-policy@lists.mozilla.org> wrote: >> >> Agreed especially with the final paragraph here. >>

Re: DigiCert OCSP services returns 1 byte

2019-09-25 Thread Clint Wilson via dev-security-policy
On Wed, Sep 25, 2019, 06:30 Neil Dunbar via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > > > On 24 Sep 2019, at 07:35, Clint Wilson via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > > > > […] it

Re: DNS records and delegation

2019-10-13 Thread Clint Wilson via dev-security-policy
On Thu, Oct 10, 2019 at 11:32 PM Ryan Sleevi via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Thu, Oct 10, 2019 at 11:42 PM Jeremy Rowley via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > Question, is there any prohibition against

Re: About upcoming limits on trusted certificates

2020-03-03 Thread Clint Wilson via dev-security-policy
wrote: > > On Tue, Mar 03, 2020 at 11:55:24AM -0800, Clint Wilson via > dev-security-policy wrote: >> For additional information, please see >> https://support.apple.com/en-us/HT211025. > > I have a question regarding this part: > >> TLS server certificates issued o

About upcoming limits on trusted certificates

2020-03-03 Thread Clint Wilson via dev-security-policy
Hello all, I wanted to inform this community of an upcoming change to the Apple Root Program. SSL/TLS certificates issued on or after September 1, 2020 will need to have a total lifetime of no more than 398 days. This change will be put in place in a future release of iOS, macOS, iPadOS,

Re: Policy 2.7.1: MRSP Issue #206: Limit re-use of domain name verification to 398 days

2021-02-25 Thread Clint Wilson via dev-security-policy
I think it makes sense to separate out the date for domain validation expiration from the issuance of server certificates with previously validated domain names, but agree with Ben that the timeline doesn’t seem to need to be prolonged. What about something like this: 1. Domain name or IP