Re: SECOM Request for EV Treatment

2015-11-19 Thread h-kamo
On Friday, November 13, 2015 at 23:27:46 UTC+9, Kathleen Wilson wrote: > On 11/13/15 5:43 AM, Peter Kurrasch wrote: > > Kathleen, is SECOM getting special treatment? I was wondering if there was > > some reason to move forward before a CA has everything in order? Will we be > > seeing more of this going forward? > > >

Re: Policy Update Proposal: Require full CP/CPS in English

2015-11-19 Thread Matt Palmer
On Thu, Nov 19, 2015 at 05:00:03PM -0800, Kathleen Wilson wrote: > Insert 3rd bullet point: > "- translate into English the Certificate Policy and Certification Practice > Statement documents pertaining to the certificates to be included and the > trust bits to be enabled;" > > I will appreciate r

RE: Name issues in public certificates

2015-11-19 Thread Peter Gutmann
Patrick T writes: >I've found one of the certificates here (*.gov.bn, Symantec issued) seems to >contain some NULL characters in the SAN. Wow, you're right: 673 359: SEQUENCE { 677 33: SEQUENCE { 679 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 684 26:

Policy Update Proposal: Require full CP/CPS in English

2015-11-19 Thread Kathleen Wilson
I would like to discuss this proposal[1] next: - (D26) Add a requirement for CAs to provide English-translated versions of their complete CP / CPS I think we would have to narrow it down a bit, because some CAs have several CP/CPS documents for their various product offerings, not related to

Re: Name issues in public certificates

2015-11-19 Thread Peter Bowen
On Thu, Nov 19, 2015 at 4:26 PM, Brian Smith wrote: > Peter Bowen wrote: >> >> Robin Alden wrote: >> Given that it doesn't, but that the BRs say "MUST be either a >> dNSName containing the Fully‐Qualified Domain Name or an iPAddress >> containing the IP address", it is clear we still need t

Re: Policy Update: section 8 of Maintenance Policy

2015-11-19 Thread Kathleen Wilson
There are two proposals on the table... Proposal A: ~~ 8. We consider the algorithms and key sizes specified in section 6.1.5 of version 1.3 or later of the CA/Browser Forum Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates to be acceptable and supported in Mo

Re: Name issues in public certificates

2015-11-19 Thread Brian Smith
Peter Bowen wrote: > Robin Alden wrote: > Given that it doesn't, but that the BRs say "MUST be either a > dNSName containing the Fully‐Qualified Domain Name or an iPAddress > containing the IP address", it is clear we still need to have a valid > FQDN. I'll update my scanner to allow "_" i

Re: Policy Update Proposal: Timeline for Disclosing SubCAs

2015-11-19 Thread Kathleen Wilson
By the time version 2.3 of Mozilla’s CA Cert Policy is published, I hope to have issued a CA Community License to every included CA. Taking that into consideration, I propose changing the policy as follows. https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/incl

Re: Certum Root Renewal Request

2015-11-19 Thread Kathleen Wilson
On 10/21/15 12:28 PM, Kathleen Wilson wrote: On 10/1/15 3:44 PM, Kathleen Wilson wrote: Unizeto Certum has applied to include the “Certum Trusted Network CA 2” root certificate, turn on all three trust bits, and enable EV treatment. This is the next generation of the “Certum Trusted Network CA”

Re: Name issues in public certificates

2015-11-19 Thread Peter Bowen
On Thu, Nov 19, 2015 at 11:57 AM, Robin Alden wrote: > Peter said.. >> While I realize that it is not clear cut in many contexts, RFC 5280 is >> rather clear cut. The authors clearly wanted to avoid stumbling and >> being eaten by a grue, so they wrote: >> >>When the subjectAltName extension

RE: Name issues in public certificates

2015-11-19 Thread Robin Alden
Peter said.. > While I realize that it is not clear cut in many contexts, RFC 5280 is > rather clear cut. The authors clearly wanted to avoid stumbling and > being eaten by a grue, so they wrote: > >When the subjectAltName extension contains a domain name system >label, the domain name MU

Re: Certum Root Renewal Request

2015-11-19 Thread arkadiusz . lawniczak
Hi We've provided code signing certificates to our customers for many years. Also, at this time, the new root CTNCA 2 is going to be used for this purpose. When it comes to a specific group of customers, I would say it appears that we don't have customers who need to use our root from NSS root

Re: Name issues in public certificates

2015-11-19 Thread Patrick T
On Tuesday, 17 November 2015 08:04:41 UTC, Peter Bowen wrote: > Inspired by Rob Stradling's work > (https://cabforum.org/pipermail/public/2015-November/006269.html), I > wrote a quick tool to check that commonNames and Subject Alternative > Names in server auth certificates issued by public CAs we