On Tue, Feb 28, 2017 at 12:02 PM, douglas.beattie--- via
dev-security-policy wrote:
> Ryan,
>
> GlobalSign certificate issuance has been referenced in several different
> threads recently and I think most of them are closed; however, if you feel
>
On Tue, Feb 28, 2017 at 8:53 AM, douglas.beattie--- via dev-security-policy
wrote:
>
> Yes, we're working to do just this now.
While that's good and well, I do hope GlobalSign will produce an incident
report regarding this matter, as to how the situation
On Friday, February 24, 2017 at 5:12:43 PM UTC-8, Peter Bowen wrote:
> "auditing standards that underlie the accepted audit schemes found in
> Section 8.1"
>
> This is obviously a error in the BRs. That language is taken from
> Section 8.1 and there is no list of schemes in 8.1.
>
> 8.4 does
On Tuesday, February 28, 2017 at 6:00:47 PM UTC+2, Nick Lamb wrote:
> This is useful independent evidence that (at least some of) the names did
> exist at one time.
The problem is that they're "re-keying" certificates for domains that are no
longer in control of their subscribers (as Andrew
On Tuesday, 28 February 2017 16:00:47 UTC, Nick Lamb wrote:
> e.g. http://domaingraveyard.com/list/2016-05-10.txt
Typical, I posted that and then I checked from another browser and it now gives
an access error. Anyway, there are others of the same ilk out there, these
names (at least some of
On Tuesday, 28 February 2017 12:29:30 UTC, Itzhak Daniel wrote:
> I also would like to have an official reply from GlobalSign saying that "on
> the date they issue the certificate the domain exists".
Doug/ GlobalSign has responded but I'll mention here that lists of recently
abandoned domain
On Tuesday, February 28, 2017 at 7:29:30 AM UTC-5, Itzhak Daniel wrote:
> On Tuesday, February 28, 2017 at 1:38:25 PM UTC+2, Gervase Markham wrote:
> > I think that without more evidence we must assume that GlobalSign
> > validated this domain correctly at a time when it existed.
>
> There are
On Monday, February 27, 2017 at 11:04:53 AM UTC-5, Gervase Markham wrote:
> Hi Doug,
>
> On 15/02/17 17:09, Gervase Markham wrote:
> > But currently GlobalSign employees still are?
> >
> > If so, can you help us understand why that's necessary? Given that you
> > control the domains used for
On Tuesday, February 28, 2017 at 1:38:25 PM UTC+2, Gervase Markham wrote:
> I think that without more evidence we must assume that GlobalSign
> validated this domain correctly at a time when it existed.
There are many more test*.* domains, non of those (about 10) I checked exist. I
will compose
Ryan H,
On 23/02/17 04:40, Peter Bowen wrote:
> Both Gerv and I posted follow up questions almost two weeks ago. I
> know you have been busy with CT days. When do you expect to have
> answers available?
Ping? :-)
Gerv
___
dev-security-policy
On 26/02/17 00:50, Itzhak Daniel wrote:
> I talked with Ofer from Incapsula, he said the domain exist at some
> point; Someone have access to domain tools or other tool to verify
> this matter? Based on domaintools I can say the domain did exist but
> I can't tell when it cease to exist.
I think
On 27/02/17 21:41, Ryan Sleevi wrote:
> During a past discussion of precertificates, at
> https://groups.google.com/d/msg/mozilla.dev.security.policy/siHOXppxE9k/0PLPVcktBAAJ
> , Mozilla did not discuss whether or not it considered
> precertificates misissuance, although one module peer (hi! it's
On Fri, Feb 24, 2017 at 4:51 PM, Ryan Sleevi wrote:
>
>
> On Wed, Feb 22, 2017 at 8:32 PM, Ryan Sleevi wrote:
>
>> Hi Steve,
>>
>> Thanks for your continued attention to this matter. Your responses open
>> many new and important questions and which give serious
13 matches
Mail list logo