As far as I know, GeoTrust is not at fault here. They just signed this
(domain validated) certificate, and I don't know if they've been
notified of it before. That said, I don't have GeoTrust's contact info,
and I'm presuming that someone here does.
Information here comes from
On 9/6/2016 04:59, Ben Laurie wrote:
> On 1 September 2016 at 11:29, Peter Gutmann wrote:
>> Rob Stradling writes:
>>
I guess it makes them easy to revoke, if a single revocation can kill 313
certs at once.
>>> That's true.
>> Hey,
On 9/12/2016 20:20, Jakob Bohm wrote:
> On 13/09/2016 03:03, Kyle Hamilton wrote:
>> I would prefer not to see a securelogin-.arubanetworks.com
>> name, because such makes it look like Aruba Networks is operating the
>> captive portal. If (for whatev
PKI Policy Manager, Symantec Corporation
>>
>> -----Original Message-
>> From: Jeremy Rowley [mailto:jeremy.row...@digicert.com]
>> Sent: Tuesday, September 06, 2016 7:06 PM
>> To: Steve Medin <steve_me...@symantec.com>
>> Cc: Gervase Markham <g...@mozilla.o
I do have to ask this, though: WoSign has at least one EV issuer. I do
not know if there is an issuer with EV permissions in NSS, but WoSign
does have an EV code signing issuer in the Microsoft root program. Has
this issuer been checked to ensure that it could not have misissued
certificates?
On 9/4/2016 02:04, Eddy Nigg wrote:
> On 09/02/2016 07:02 PM, Nick Lamb wrote:
>> On Friday, 2 September 2016 08:50:02 UTC+1, Eddy Nigg wrote:
>>> Lets speak about relying parties - how does this bug affect you?
>> As a relying party I am entitled to assume that there is no more than
>> one
http://www.eweek.com/security/francisco-partners-acquires-comodo-s-certificate-authority-business
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
), or is it a case of "rumor
mill reported as fact"?
-Kyle H
On 2017-10-31 06:21, Kyle Hamilton wrote:
http://www.eweek.com/security/francisco-partners-acquires-comodo-s-certificate-authority-business
___
dev-security-policy mailing list
dev-secur
CABForum's current Basic Requirements, section 3.2.1, is titled "Method to
prove possession of private key".
It is currently blank.
A potential attack without Proof of Possession which PKIX glosses over
could involve someone believing that a signature on a document combined
with the
That is my reading of the situation, that they're not doing an actual
certification of an enrollment without verifying the actual key-identity
binding.
In addition, I'm wondering if the concept of "third-party attestation" (of
identity) is even a thing anymore, given that most CAs issue
On Mon, May 18, 2020, 19:46 Ryan Sleevi wrote:
> On Mon, May 18, 2020 at 7:55 PM Kyle Hamilton via dev-security-policy
> wrote:
>
> > Regardless of that potential con, though, there is one very important
> thing
> > which Proof of Possession is good for, regardless
11 matches
Mail list logo