I'm not sure exactly what you are asking. These sub CAs are cross-signs with
other entities. DigiCert controls the root, but not the issuing CAs. Except for
the ones I listed, they are all WebTrust or ETSI audited so we trust them. They
are primarily government, large corporations, and other
On Thu, Nov 3, 2016 at 11:28 AM, Jeremy Rowley
wrote:
> This email is intended to gather public and browser feedback on how we are
> handling the transitioning Verizon's customers to DigiCert and share with
> everyone the plan for when all non-DigiCert hosted sub CAs
在 2016年11月4日星期五 UTC+8上午3:52:23,Jeremy Rowley写道:
> Resent without a signature
>
>
>
> Hi everyone,
>
>
>
> This email is intended to gather public and browser feedback on how we are
> handling the transitioning Verizon's customers to DigiCert and share with
> everyone the plan for when
On Thu, Nov 03, 2016 at 03:39:11PM -0700, gerhard.tin...@gmail.com wrote:
> On Thursday, November 3, 2016 at 11:23:18 PM UTC+1, Matt Palmer wrote:
> > On Thu, Nov 03, 2016 at 02:08:04PM -0700, gerhard.tin...@gmail.com wrote:
> > > Sadly, the shady behaviour is not with Comodo but with Cloudflare.
On Thursday, November 3, 2016 at 11:23:18 PM UTC+1, Matt Palmer wrote:
> On Thu, Nov 03, 2016 at 02:08:04PM -0700, gerhard.tin...@gmail.com wrote:
> > Sadly, the shady behaviour is not with Comodo but with Cloudflare. As
> > cloudflare does not state anywhere that they issue certificates when SSL
On Thursday, November 3, 2016 at 1:23:48 PM UTC+1, Rob Stradling wrote:
> On 03/11/16 12:13, Han Yuwei wrote:
> > 在 2016年11月3日星期四 UTC+8下午7:09:48,Rob Stradling写道:
> >> On 03/11/16 09:59, Gervase Markham wrote:
> >>> On 02/11/16 23:26, gerhard.tin...@gmail.com wrote:
> Befor I contacted this
On Thursday, November 3, 2016 at 10:59:53 AM UTC+1, Gervase Markham wrote:
> On 02/11/16 23:26, wrote:
> > Befor I contacted this group, I contacted Cloudflare and asked them
> > to stop creating certificates with my domain. The answer in short
> > was, ... they cannot change it and as long as I
Resent without a signature
Hi everyone,
This email is intended to gather public and browser feedback on how we are
handling the transitioning Verizon's customers to DigiCert and share with
everyone the plan for when all non-DigiCert hosted sub CAs will be fully
compliant with the BRs
On Thu, 3 Nov 2016 17:53:01 +
Gervase Markham wrote:
> On 28/10/16 16:11, Patrick Figel wrote:
> > I found a number of SHA-1 certificates chaining up to CAs trusted by
> > Mozilla that have not been brought up on this list or on Bugzilla
> > yet.
>
> Using the handy crt.sh
On 03/11/16 10:30, Tim Guan-tin Chien wrote:
> PS Apologies if this is not in-scope for dev-security-policy.
I think you might be better off asking Mozilla IT :-)
Gerv
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
On 28/10/16 16:11, Patrick Figel wrote:
> I found a number of SHA-1 certificates chaining up to CAs trusted by
> Mozilla that have not been brought up on this list or on Bugzilla yet.
Using the handy crt.sh link posted by Rob, I have gone through the 2016
SHA-1 issuances known to crt.sh to filter
On 03/11/16 14:18, Jakob Bohm wrote:
> On 03/11/2016 12:09, Rob Stradling wrote:
>
>> In my experience, joining Cloudflare's paying tier doesn't guarantee
>> that Cloudflare won't also obtain a free cert.
>>
>> A few weeks ago we moved crt.sh onto Cloudflare. It was in the paying
>> tier from
On 03/11/2016 12:09, Rob Stradling wrote:
In my experience, joining Cloudflare's paying tier doesn't guarantee
that Cloudflare won't also obtain a free cert.
A few weeks ago we moved crt.sh onto Cloudflare. It was in the paying
tier from the start, and we uploaded an EV cert straight away. I
On 03/11/16 12:13, Han Yuwei wrote:
> 在 2016年11月3日星期四 UTC+8下午7:09:48,Rob Stradling写道:
>> On 03/11/16 09:59, Gervase Markham wrote:
>>> On 02/11/16 23:26, gerhard.tin...@gmail.com wrote:
Befor I contacted this group, I contacted Cloudflare and asked them
to stop creating certificates with
On 03/11/16 09:59, Gervase Markham wrote:
> On 02/11/16 23:26, gerhard.tin...@gmail.com wrote:
>> Befor I contacted this group, I contacted Cloudflare and asked them
>> to stop creating certificates with my domain. The answer in short
>> was, ... they cannot change it and as long as I am using
On 03/11/16 10:59, Gervase Markham wrote:
> However, I still don't get why you want to use Cloudflare's SSL
> termination services but are unwilling to allow them to get a
> certificate for your domain name.
>
> AIUI their free tier uses certs they obtain, but if you pay, you can
> provide your
Hi there,
I've already regarding the document here [1] as the updated document
to "how to generate a SSH key", however as my new hires points out
there are other documents out there [2] [3].
Should we be updating [2] [3] and ask everyone to look at [1] instead?
[1]
On 18/10/16 19:15, Rob Stradling wrote:
> Hi Hanno. The questions that you and others have posted are entirely
> reasonable. Sorry for the delay. Robin intends to post a reply this week.
It seems like this reply has not yet appeared?
I would like to make sure my initial question about "Where
On 02/11/16 23:26, gerhard.tin...@gmail.com wrote:
> Befor I contacted this group, I contacted Cloudflare and asked them
> to stop creating certificates with my domain. The answer in short
> was, ... they cannot change it and as long as I am using there
> service, they will continue.
How would
On Wednesday, November 2, 2016 at 11:34:44 PM UTC+1, Peter Gutmann wrote:
> Tom Ritter writes:
>
> >There's been (some) mention that even if a user moves off Cloudflare, the CA
> >is not obligated to revoke.
>
> Would it matter? I guess it depends on circumstances (whether you control the
>
On Saturday, October 29, 2016 at 12:02:54 PM UTC-5, Gervase Markham wrote:
> The scope of the BRs is debateable. These certs are clearly in scope for
> Mozilla policy, as they chain up to trusted roots; however Mozilla
> policy does not (yet) ban SHA-1 issuance other than via the BRs. This
> may
On Wednesday, November 2, 2016 at 11:39:09 PM UTC+1, Peter Kurrasch wrote:
> This raises an interesting point and I'd be interested in any comments that
> Comodo or other CA's might have.
>
>
> It appears we have a situation where a cert is being issued to what is
> presumably an authorized
On Wednesday, November 2, 2016 at 11:42:00 PM UTC+1, Kristian Fiskerstrand
wrote:
> On 11/02/2016 11:38 PM, Peter Kurrasch wrote:
> > This raises an interesting point and I'd be interested in any comments
> > that Comodo or other CA's might have.
> >
>
> It really seems like a matter of
23 matches
Mail list logo