Maybe a "Timeline" could help here:
* the customer orders the certificate
* the agent gathers all the necessary information from various sources
* once everything is available, another agent verifies the data (first check)
* the certificate is issued / created
* new second check that compares
On Sun, Feb 28, 2016 at 10:40:36PM -0800, theltal...@hotmail.com wrote:
> On Sunday, 28 February 2016 at 00:31:48 UTC+1, Matt Palmer wrote:
> > On Fri, Feb 26, 2016 at 06:22:22AM -0800, Christoph Klein wrote:
> > > To prevent future problems with values in the certificate fields, we have
> > >
On Mon, Feb 29, 2016 at 7:09 AM, Peter Gutmann
wrote:
> Jürgen Brauckmann writes:
>
>>Nice example from the consumer electronics world: Android >= 4.4 is quite
>>resistant against private PKIs. You cannot import your own/your corporate
>>private
Peter Bowen recently created a certlint tool [1] to check certificates for
CA/Browser Forum Baseline Requirements compliance. Thanks Peter!
Using this tool we uncovered a number of Let's Encrypt certificates that are
not compliant with RFC 5280. There were two issues:
1) Let's Encrypt was not
On 27/02/16 23:50, David E. Ross wrote:
> According to Softpedia, Mozilla is the only organization that agreed to
> Symantec's request. Microsoft, Google, and others are holding firm on
> rejecting SHA-1 certificates. See
>
On Sunday, 28 February 2016 at 00:31:48 UTC+1, Matt Palmer wrote:
> On Fri, Feb 26, 2016 at 06:22:22AM -0800, Christoph Klein wrote:
> > To prevent future problems with values in the certificate fields, we have
> > implemented another layer of cross checks after the issuing of the
> > certificate.
>
On Mon, Feb 29, 2016 at 4:18 AM, Jürgen Brauckmann
wrote:
> Peter Gutmann wrote:
>
>> Wouldn't it be easier to issue their own certs (or roll out equipment
>> which
>> relies on WorldPay certs), at which point they could follow their own
>> policies? Their problem is
Peter Gutmann wrote:
Jürgen Brauckmann writes:
http://www.howtogeek.com/198811/ask-htg-whats-the-deal-with-androids-persistent-network-may-be-monitored-warning/
Ugh, yuck! So on the one hand we have numerous research papers showing that
Android apps that blindly
Yes, the new check happens after we issued the certificate to make sure that
the final content of the certificate matches the data gathered and checked in
the "first round", before the issuing.
This will be done in addition to the checks before, not instead.
On Mon, 29 Feb 2016 10:18:01 +0100
Jürgen Brauckmann wrote:
> Using private PKIs for such stuff isn't risk-free, as software
> vendors are confused about the security properties of their root
> store.
Actually I also thought while reading this thread that I disagree that
Jürgen Brauckmann writes:
>Nice example from the consumer electronics world: Android >= 4.4 is quite
>resistant against private PKIs. You cannot import your own/your corporate
>private Root CAs for Openvpn- or Wifi access point security without getting
>persistent, nasty,