On 18/01/2017 01:12, Nick Lamb wrote:
On Tuesday, 17 January 2017 23:34:20 UTC, Jakob Bohm wrote:
How about "_and versions and strong (>= 256 bits) hashes_",
Frankly any _cryptographic_ hash should be adequate for this purpose. Even for
the most creaky crypto hashes I can think of (e.g.
On Tuesday, 17 January 2017 23:34:20 UTC, Jakob Bohm wrote:
> How about "_and versions and strong (>= 256 bits) hashes_",
Frankly any _cryptographic_ hash should be adequate for this purpose. Even for
the most creaky crypto hashes I can think of (e.g. MD4) pre-image attacks are
theoretical
On 16/01/2017 12:31, Gervase Markham wrote:
On 13/01/17 02:00, Ryan Sleevi wrote:
Suggestion: "List of CA policy documents _and versions_"
Yes, good idea.
Gerv
How about "_and versions and strong (>= 256 bits) hashes_",
given recent confusion about CP/CPS translation change procedures at
On Mon, Jan 16, 2017 at 3:30 AM, Gervase Markham wrote:
> On 13/01/17 01:56, Ryan Sleevi wrote:
>> Notably, 1.3.7 also has IP encumbrances - and uncertainty - the same
>> as 1.4.1, so presumably, Mozilla is OK with having encumbered methods
>> included. Considering some of these
On 12/01/2017 18:12, Gervase Markham wrote:
The current CA policy does not specify when audit reports are due to
Mozilla relative to the end date of the audit period. It only says that
CAs much provide the reports to Mozilla within 30 days of receiving the
report from their auditor.
Peter Bowen
> -Original Message-
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+wthayer=godaddy@lists.mozilla.org] On Behalf Of Jakob
> Bohm
> Sent: Tuesday, January 17, 2017 9:25 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: GoDaddy verification issue
Forwarded Message
Subject: Summary of January 2017 Audit Reminder Emails
Date: Tue, 17 Jan 2017 20:02:07 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
ISRG Root X1
Standard Audit: https://cert.webtrust.org/SealFile?seal=1987=pdf
Audit Statement Date: 2015-12-15
BR
Really? You were doing manual testing that quickly? Using the kind of
randomized challenging normal associated with automated testing?
On 17/01/2017 04:48, Wayne Thayer wrote:
Back in 2010 all of our testing was manual. We've been investing in automated
testing over the last three years. Now
8 matches
Mail list logo