On 11/11/2016 02:42, Peter Bowen wrote:
Given that there is a lack of clarity on when the CABF BRs apply, and
that applicability of the BRs is outside the scope of the BRs, I
propose the following text to clarify and help CAs understand the
expectations of operating a publicly trusted CA.
Thanks
Given that there is a lack of clarity on when the CABF BRs apply, and
that applicability of the BRs is outside the scope of the BRs, I
propose the following text to clarify and help CAs understand the
expectations of operating a publicly trusted CA.
Thanks,
Peter
Requirements for a CA in the WebP
On Thursday, 10 November 2016 19:53:25 UTC, Robin Alden wrote:
> I can't speak to your assumptions, but I concede that it is not explicit in
> the CPS.
>
> It is now documented at
> https://secure.comodo.com/api/pdf/latest/Domain%20Control%20Validation.pdf
> and in the knowledgebase article at:
>
Nick Lamb, on 02 October 2016 17:50, said..
> The first thing that jumps out at me from their report is that they
mistake .sb
> for a gTLD when it is actually a ccTLD.
That was a mistake in writing the report.
The point is that it is a TLD.
> The second thing obviously is that they do have exactl
Hi Hanno,
Hanno Böck, on 04 October 2016 13:34, said..
> There seem to be more certificates of that kind that weren't mentioned
> in the incident report. Here's a .re / www.re certificate (expired
> 2015):
> https://crt.sh/?id=4467456
>
> Has comodo checked its systems for other certificates of t
Eric Mill, on 03 October 2016 03:14, said..
> On Sun, Oct 2, 2016 at 9:23 PM, Nick Lamb wrote:
> > On Sunday, 2 October 2016 20:53:15 UTC+1, Peter Bowen wrote:
> > > There is some good news. The CA/Browser Forum has already addressed
> > > this, even prior to the current discussions. Ballot 169
Gervase Markham, on 04 October 2016 07:10, said..
> Thank you for this report.
>
> On 27/09/16 02:07, Robin Alden wrote:
> > When we use an 'agreed-upon change to website' method to prove
> domain
> > control, we consider proof of control of 'www.' as also
> > proving control of '' (except where '
On 09/11/16 09:58, Gervase Markham wrote:
> So, it is now possible to change Firefox to mandate the presence of
> id-kp-serverAuth for EE server certs from Mozilla-trusted roots? Or is
> there some reason I've missed we can't do that?
I've emailed the engineering team within Mozilla to see if they
On 09/11/16 18:50, Peter Bowen wrote:
> Here are some certs that appear to be for server authentication but
> don't have that EKU:
>
> https://crt.sh/?id=10621190
This one also contains Internal Server Names. And it contains bogus info
in the Certificate Policies field. But it's not trusted by Mo
9 matches
Mail list logo
