GTS - OCSP serving issue 2020-04-09

2020-04-14 Thread Andy Warner via dev-security-policy
m.d.s.p community, Google Trust Services just filed https://bugzilla.mozilla.org/show_bug.cgi?id=1630040 which contains the same information as the report that follows. From 2020-04-08 16:25 UTC to 2020-04-09 05:40 UTC, Google Trust Services' EJBCA based CAs (GIAG4, GIAG4ECC, GTSY1-4) served

Re: DigiCert OCSP services returns 1 byte

2019-09-23 Thread Andy Warner via dev-security-policy
shorter timeline that needs to be honored for CAA. -- Andy Warner Google Trust Services On Mon, Sep 23, 2019 at 3:57 PM Kurt Roeckx wrote: > On Mon, Sep 23, 2019 at 02:53:26PM -0700, Andy Warner via > dev-security-policy wrote: > > > > 1. The new text added to the Mozilla Recomm

Re: DigiCert OCSP services returns 1 byte

2019-09-23 Thread Andy Warner via dev-security-policy
The last thing we intended was for our prior mail to be interpreted as negative and without substance.  That said, it is clear our mail was not received in the light in which it was intended. We would like to rectify that. We have been closely monitoring this thread and as it began to converge

Re: DigiCert OCSP services returns 1 byte

2019-09-20 Thread Andy Warner via dev-security-policy
Google Trust Services (GTS) reached out to Wayne directly, but I'm also posting here as the conversation seems to be rapidly converging on solutions. GTS still has reservations that the proposed solutions may be problematic to implement and may leave a number of CAs and one very common CA

Re: Google Trust Services - CRL handling of expired certificates not fully compliant with RFC 5280 Section 3.3

2019-09-13 Thread Andy Warner via dev-security-policy
A quick follow-up to close this out. The push to fully address the issue was completed globally shortly before 16:00 UTC on 2019-09-02. After additional review, we're confident the only certificates affected were these two: https://crt.sh/?id=760396354 https://crt.sh/?id=759833603 Google

Google Trust Services - CRL handling of expired certificates not fully compliant with RFC 5280 Section 3.3

2019-08-30 Thread Andy Warner via dev-security-policy
This is an initial report and we expect to provide some additional details and the completion timeline after a bit more verification and full deployment of in-flight mitigations. We are posting the most complete information we have currently to comply with Mozilla reporting timelines and will

Re: Google Trust Services - Minor SCT issue disclosure

2018-08-24 Thread Andy Warner via dev-security-policy
the evolving the code to the point it became more complicated than it needed to be. On Thu, Aug 23, 2018 at 9:40 AM Ryan Sleevi wrote: > > > On Thu, Aug 23, 2018 at 8:50 AM, Andy Warner via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: >> >> * NOTE:

Re: Google Trust Services - Minor SCT issue disclosure

2018-08-23 Thread Andy Warner via dev-security-policy
tools to further ensure that we have strong knowledge of the pedigree of all code and how it was built and deployed. On Thu, Aug 23, 2018 at 10:55 AM Nick Lamb wrote: > On Thu, 23 Aug 2018 05:50:05 -0700 (PDT) > Andy Warner via dev-security-policy > wrote: > > > May 21s

Re: Google Trust Services - Minor SCT issue disclosure

2018-08-23 Thread Andy Warner via dev-security-policy
> order to help other CAs out, do you think there are testing methodologies > that could have helped catch this earlier? > > Alex > > On Thu, Aug 23, 2018 at 8:50 AM Andy Warner via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> Please no

Google Trust Services - Minor SCT issue disclosure

2018-08-23 Thread Andy Warner via dev-security-policy
Please note, Google wrote this report for internal use immediately after the issue. We intended to post it to m.d.s.p at that time, but securing internal approvals took a while and the posting ended up on the back burner for a bit. It was a minor issue, but we want the community to be aware of

Re: CAs not compliant with CAA CP/CPS requirement

2017-09-09 Thread Andy Warner via dev-security-policy
Google Trust Services published updated CP & CPS versions earlier today covering CAA checking. I'd suggest checking all CAs again tomorrow. Given the range of timezones CA operational staffs operate across, some may not have had a chance to publish their updates yet. In terms of the 'rush' I