Hi Ben,
DN: CN=Cartão de Cidadão 001, OU=ECEstado, O=SCEE - Sistema de Certificação
Electrónica do Estado, C=PT
Downloading the issuer (https://crt.sh/?id=8949008) and then running:
openssl ocsp -issuer 8949008.crt -serial 101010101010101101010101010
-no_nonce -url http://ocsp.root.cartaodecidad
Could someone re-check Multicert and SCEE? (See below.) They have indicated to
us that they have now patched their OCSP responder systems.
DN: CN=Cartão de Cidadão 001, OU=ECEstado, O=SCEE - Sistema de Certificação
Electrónica do Estado, C=PT
Example cert: https://crt.sh/?id=12729446
OCSP U
Hi Gerv and Kathleen,
We're working on the Mozilla CA self-assessment checklist and referenced
requirements you have placed on CAs. On your page of Forbidden or Problematic
Practices [1], you state that CAs must not generate private keys for signer
certificates.
CAs must never generate the key
On Tuesday, November 14, 2017 at 8:31:34 AM UTC-8, Kathleen Wilson wrote:
> On 11/14/17 4:34 AM, douglas...@gmail.com wrote:
> >
> > Do we believe that this issue has been resolved by the Registry and
> > issuance an resume as normal, or are there ongoing concerns which CAs
> > should be aware o
Hello Wayne,
At me the link on the pdf file is work correctly from Google Chrome ver. 49,
but I cannot load this file in my post...
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-securit
I reviewed the CP/CPS, BR self assessment, audit statement, and other
information provided as part of this request. Overall, I found the CPS and BR
self assessment to be lacking in detail, and in some cases the CPS references
non-public documents.
Here are my specific comments:
- I’m also rece
On 11/14/17 4:34 AM, douglas.beat...@gmail.com wrote:
Do we believe that this issue has been resolved by the Registry and issuance an
resume as normal, or are there ongoing concerns which CAs should be aware of
when issuing certificates to .tg domains?
Based on information from folks that
On 11/13/17 7:22 PM, Jakob Bohm wrote:
Wouldn't the .tg incident be equally relevant for the e-mail trust bit?
(In which case the first 3 options should say TLS/SSL/e-mail)
Good point. To make it easier, I removed "TLS/SSL", and changed text to
"certificates containing .tg domains".
Updat
On Monday, November 6, 2017 at 6:40:58 AM UTC-5, Ben Laurie wrote:
> On 4 November 2017 at 19:54, Kathleen Wilson via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > On 11/4/17 5:36 AM, Daniel Cater wrote:
> >
> > I think those CAs need to re-validate their recently iss
9 matches
Mail list logo