On 06/09/16 07:20, Henri Sivonen wrote:
> In the table on page 13, line 6 looks different from the others.
> Should that line be in the table on page 14 instead?
Also line 2?
Gerv
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.o
On Sun, Sep 4, 2016 at 12:49 PM, Richard Wang wrote:
> We finished the investigation and released the incidents report today:
> https://www.wosign.com/report/wosign_incidents_report_09042016.pdf
>
> This report has 20 pages, please let me if you still have any questions,
> thanks.
In the table
The first email is the guy found the problem, the second email is asking for
revocation to related person that he/she can't do it.
Sure, we have CMS (Certificate Management System), every order is processed in
the system by the proper duty person. See Figure 8, the top menu is
Order Info, perso
On Monday, September 5, 2016 at 3:58:34 PM UTC-7, Peter Bowen wrote:
> On Wed, Aug 24, 2016 at 6:08 AM, Gervase Markham wrote:
> > Several incidents have come to our attention involving the CA "WoSign".
> > Mozilla is considering what action it should take in response to these
> > incidents. This
On Wed, Aug 24, 2016 at 6:08 AM, Gervase Markham wrote:
> Several incidents have come to our attention involving the CA "WoSign".
> Mozilla is considering what action it should take in response to these
> incidents. This email sets out our understanding of the situation.
>
> Before we begin, we no
On Friday, August 26, 2016 at 12:57:56 PM UTC-7, 233sec Team wrote:
> Wosign's Issue mechanism is high risking for large enterprise.
> This is one prove:
>
> https://gist.github.com/xiaohuilam/8589f2dfaac435bae4bf8dfe0984f69e
>
> Alicdn.com is the cdn asset domain name of Taobao/tmall who belong
In page 11, you mentioned that "System blocked many illegal request every day,
the following screen shot is the reject order log", in which you attached a log
with Google, Microsoft, QQ domains. Those domains are rejected because of the
top domain whitelist. Does that mean those attempts passed
On 03/09/2016 01:23, Matt Palmer wrote:
On Fri, Sep 02, 2016 at 11:19:11AM +0100, Gervase Markham wrote:
On 31/08/16 20:43, Nick Lamb wrote:
>>> ...
>> ...
> ...
1. Implement "Require SCTs" for problematic CAs. Notify the CA they
are obliged to CT log all certificates, inform subscribers etc.
On 04/09/16 17:40, Andrew Ayer wrote:
> On Sat, 3 Sep 2016 21:50:51 -0700
> Peter Bowen wrote:
>
>> The log entries for the SM2 certificates are
>> https://ctlog.wosign.com/ct/v1/get-entries?start=109239&end=109240;
>> crt.sh doesn't have them.
x509lint was segfaulting when crt.sh tried to add t
Eddy Nigg writes:
>On 09/04/2016 09:20 AM, Peter Gutmann wrote:
>> This is great stuff, it's like watching a rerun of Diginotar
>
>.says the audience on the backbenches gleefully
Well, it doesn't exactly paint the best picture of a competently-run CA, same
as Diginotar, and the progressio
Hi Eddy,
On 04/09/16 09:51, Eddy Nigg wrote:
> On 09/03/2016 11:02 PM, Percy wrote:
>> I agree completely that we shouldn't imply fundamental guilt by
>> association. However, WoSign threatened legal actions against Itzhak
>> Daniel's disclosure compiled purely from public sources. I just want to
>
On 09/04/2016 09:20 AM, Peter Gutmann wrote:
Peter Bowen writes:
It was brought to my attention that there is another incident.
This is great stuff, it's like watching a rerun of Diginotar
.says the audience on the backbenches gleefully
but no, what are you talking about?? Even
12 matches
Mail list logo