On 19/01/2017 01:33, montel.bahn...@gmail.com wrote:
On Thursday, January 12, 2017 at 7:38:47 PM UTC-5, Itzhak Daniel wrote:
Why not posting _ALL_ certificates issues via that method to CT log?
We had to nag and whine for a year to get IXSystems and FreeNAS folks to
finally, begrudgingly use TLS (for Download of ISOs and SHA256 no less!). The
'Volunteers' and staff deleted my posts, accused me of trolling and stated that
the CAs' system was something like bunk or a laughing stock. Though not a
commiter or security guru, I submit that:
If a CA refuses to take advantage of Google's <i>Certificate Transparency
Project</i> or otherwise public log per RFC 6962, then Mozilla MUST shun them!
Google's CT initiative in its current form has serious privacy problems
for genuine certificate holders. I applaud any well-run CA that stands
up to this attack on the Internet at large.
I mean who dares disagree? Surely this is a non-partisan issue with Mozilla
Devs AND majority of Firefox Users? Let's keep on topic of GoDaddy's second
insufficiency, though it's not alone on the consensus naughty-list. I assume
some relevant browser Devs were shown proof of what happened in detail? Can
they complain their spaghetti code is that proprietary, really. It surely is
not valuable now as a work product. Just sign NDAs if they won't the bother.
The 'lapses' WILL keep getting more convoluted and ridiculous if Mozilla,
Google et al. don't finally draw the line.
I have no reason to believe Mozilla employees have any relevant GoDaddy
information not posted right here on this newsgroup and the associated
public web pages, bug trackers etc.
This newsgroup is *the* place where Mozilla finds out these things.
you and I are essentially standing inside the room where all this is
happening, seeing and hearing almost everything that goes on, and even
getting to contribute our opinions.
PS: FreeNAS is still using GoDadddy, even though they have other valid
certificates per:
https://www.google.com/transparencyreport/https/ct/
Not at all relevant to this newsgroup.
...somebody has to lead by example and soon!
Hopefully not you.
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
