is
>> an
>> idea whose time has come.
>>
>> -Tim
>>
>> > -Original Message-
>> > From: dev-security-policy <
>> dev-security-policy-boun...@lists.mozilla.org>
>> On
>> > Behalf Of Wayne Thayer via dev-security-policy
ing.
>
If that involves loading and using intermediates that are not actually
available via AIA, then yes.
> - Wayne
>
> [1]
> https://wiki.mozilla.org/Security/CryptoEngineering/Intermediate_Preloading#Intermediate_CA_Preloading
>
> On Thu, Nov 28, 2019 at 1:39 PM Ben Laurie
On Thu, 28 Nov 2019 at 20:22, Peter Gutmann
wrote:
> Ben Laurie via dev-security-policy
> writes:
>
> >In short: caching considered harmful.
>
> Or "cacheing considered necessary to make things work"?
If you happen to visit a bazillion sites a day.
> In
One of the things that was quite annoying when developing CT was browser
behaviour wrt intermediates - caching them and filling in missing ones
means that failure to present correct cert chains is common behaviour.
Which means that anything that _doesn't_ see a lot of certs has quite a low
chance o
On Fri, 16 Aug 2019 at 14:31, Doug Beattie via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> DB: Yes, that's true. I was saying that phishing sites don't use EV, not
> that EV sites don't get phished
Surely this shows that EV is not needed to make phishing work, not that
On Fri, 19 Oct 2018 at 10:38, Rob Stradling wrote:
> On 18/10/2018 22:55, Ben Laurie wrote:
> > On Fri, 12 Oct 2018 at 19:01, Rob Stradling wrote:
> >
> > On 12/10/18 16:40, Ryan Sleevi via dev-security-policy wrote:
> > > On Fri, Oct 12, 2018 at 8:33
On Fri, 12 Oct 2018 at 19:01, Rob Stradling wrote:
> On 12/10/18 16:40, Ryan Sleevi via dev-security-policy wrote:
> > On Fri, Oct 12, 2018 at 8:33 AM Ben Laurie wrote:
>
> >> This is one of the reasons we also need revocation transparency.
> >
> > As temptin
On Fri, 12 Oct 2018 at 16:41, Ryan Sleevi wrote:
>
>
> On Fri, Oct 12, 2018 at 8:33 AM Ben Laurie wrote:
>
>>
>>
>> On Fri, 12 Oct 2018 at 03:16, Ryan Sleevi via dev-security-policy <
>> dev-security-policy@lists.mozilla.org> wrote:
>>
>>
On Fri, 12 Oct 2018 at 13:54, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 12/10/2018 14:33, Ben Laurie wrote:
> > On Fri, 12 Oct 2018 at 03:16, Ryan Sleevi via dev-security-policy <
> > dev-security-policy@lists.mozilla.org>
On Fri, 12 Oct 2018 at 03:16, Ryan Sleevi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I believe that may be misunderstanding the concern.
>
> Once these certificates expire, there's not a good way to check whether or
> not they were revoked, because such revocation in
On Fri, 17 Aug 2018 at 18:22, Daymion Reynolds via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Revoke Disclosure
>
> GoDaddy has been proactively performing self-audits. As part of this
> process, we identified a vulnerability in our code that would allow our
> validation
On 28 February 2018 at 21:37, Nick Lamb via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Wed, 28 Feb 2018 20:03:51 +
> Jeremy Rowley via dev-security-policy
> wrote:
>
> > The keys were emailed to me. I'm trying to get a project together
> > where we self-sign a ce
On 28 February 2018 at 19:40, Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> The end user agreed to the subscriber agreement, not Trustico. Our
> analysis follows what Peter B. posted – the subscriber is the “natural
> person or Legal Entity to whom a Certi
On 29 November 2017 at 22:33, Paul Wouters wrote:
>
>
> > On Nov 29, 2017, at 17:00, Ben Laurie via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> >
> > This whole conversation makes me wonder if CAA Transparency should be a
> >
This whole conversation makes me wonder if CAA Transparency should be a
thing.
On 29 November 2017 at 20:44, Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> The Thawte records aren't showing any CAA record preventing wildcards
> either.
>
> Here's the Thawt
On 4 November 2017 at 19:54, Kathleen Wilson via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 11/4/17 5:36 AM, Daniel Cater wrote:
>
>> I notice that on https://crt.sh/mozilla-onecrl there are lots of
>> certificates that have recently been added to OneCRL from the .tg
On 25 June 2016 at 00:56, Rob Stradling wrote:
> On 24/06/16 14:38, Rob Stradling wrote:
>>
>> I've just updated https://crt.sh/mozilla-disclosures.
>>
>> There's now a separate grouping for undisclosed intermediates for which
>> all observed paths to a trusted root have been "revoked".
>>
>> A pa