Thanks Alex. Greatly appreciated.
From: Alex Gaynor [mailto:agay...@mozilla.com]
Sent: Thursday, April 27, 2017 2:05 PM
To: Jeremy Rowley
Cc: Rob Stradling ; mozilla-dev-security-policy
On Thu, Apr 27, 2017 at 3:52 PM, Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Your post made me realize that we never publicly posted the status of these
> last few CAs. Sorry about that. Here's the plan:
>
> 1. ABB - ABB was supposed to be technically
Your post made me realize that we never publicly posted the status of these
last few CAs. Sorry about that. Here's the plan:
1. ABB - ABB was supposed to be technically constrained (and is restricted
to certain names). However, the technical constraints were added incorrectly
and didn't exclude
Note that according to the below post, the one thing Symantec has not
decided to obey Google on is a request to completely stop operating as
a CA, except in name and a few minor related aspects.
This was the final, microscopic, out offered to WoSign after they
completely and deliberately
(Wearing a Google Hat, if only to share what has transpired)
Symantec has recently shared in https://www.symantec.com/
connect/blogs/symantec-ca-proposal , as well as https://groups.google.com/d/
msg/mozilla.dev.security.policy/LRvzF2ZPyeM/OpvBXviOAQAJ , a plan for what
they believe is an
Hi Richard,
On Thu, Apr 27, 2017 at 6:13 AM, Richard Wang via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I like to share the experience we suffered from distrust, it is disastrous
> for CA and its customers to replace the certificate that exceed your
> imagination that
On Thu, Apr 27, 2017 at 6:50 AM, Gervase Markham via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 21/04/17 18:19, Eric Mill wrote:
> > The FPKI cross-signs at issue in Issue L are now expired (and so don't
> show
> > on the links above). They do show when expired
I don't know about others, but I am quite disappointed by Symantec's proposed
remediation plan. Intentional or not, these response seems to indicate they
don't really understand the potential consequences of many of their past
actions. Essentially, they promise to:
1) Have a third party audit
No problem at all. I thought that while distrusted no needed to follow nor
update the CCADB. Will do asap.
Best regards
Iñigo Barreira
CEO
StartCom CA Limited
-Original Message-
From: Rob Stradling [mailto:rob.stradl...@comodo.com]
Sent: jueves, 27 de abril de 2017 13:08
To: Inigo
On 27/04/17 11:56, Inigo Barreira wrote:
Good to know that our new certs are there :-)
Regarding StartCom, these are the new certs we´ve generated and will be used
to apply for inclusion in the Mozilla root program. Nothing to disclose at
the moment I guess. We´ve not been audited yet nor
Good to know that our new certs are there :-)
Regarding StartCom, these are the new certs we´ve generated and will be used
to apply for inclusion in the Mozilla root program. Nothing to disclose at
the moment I guess. We´ve not been audited yet nor applied.
Best regards
Iñigo Barreira
CEO
On 21/04/17 18:19, Eric Mill wrote:
> The FPKI cross-signs at issue in Issue L are now expired (and so don't show
> on the links above). They do show when expired certificates are included --
> there are 6 of them with OU=FPKI:
> https://crt.sh/?Identity=%25=1384
>
> Each of those certificates
On 26/04/17 21:21, Rob Stradling via dev-security-policy wrote:
(Note: A few of the non-Symantec entries currently listed by
https://crt.sh/mozilla-disclosures#undisclosed are false positives, I
think. It looks like Kathleen has marked some roots as "Removed" on
CCADB ahead of the
I like to share the experience we suffered from distrust, it is disastrous for
CA and its customers to replace the certificate that exceed your imagination
that we are still working for this since October 2016 that nearly six months
now.
Due to the quantity of Symantec customers is more than
On Thursday, 27 April 2017 00:42:20 UTC+2, Ryan Sleevi wrote:
> On Wed, Apr 26, 2017 at 5:17 PM, okaphone.elektronika--- via
> dev-security-policy wrote:
> >
> > If this is about the possible consequences of compromise, then I'd say you
> > should try to
15 matches
Mail list logo