After skimming the responses and checking a few CAs, I'm starting to wonder:
Wouldn't it be easier to just add another mandatory field to the CCADB (e.g.
"revocation contact"), requiring $URL or $EMAIL via policy and just use that to
provide a public list?
It seems to me that most revocation
On 15/05/2017 15:53, Doug Beattie wrote:
...
Yes, it is certainly a bit dated. Outlook 2013 and 2016 are not listed along
with more recent versions of iMail and Thunderbird.
I believe the point of the document was only to list what was needed to
get SHA256 compatibility. So for each
On 15/05/2017 22:06, Michael Casadevall wrote:
On 05/15/2017 09:32 AM, Jakob Bohm wrote:
This won't work for the *millions* of legitimate, not-misissued,
end certificates that were issued before Symantec began SCT
embedding (hopefully in the past) and haven't expired before such
an early
Greetings, I have reviewed your second BR self-assessment
(https://bugzilla.mozilla.org/attachment.cgi?id=8860627) against your updated
CP/CPS (CP V1.6, CPS V4.5, EV CP V1.4, and EV CPS V1.5) and provided the
following comments and/or recommendations.
1. BR Section 3.2.2.5 Authentication for
Replacement link: https://bugzilla.mozilla.org/attachment.cgi?id=8867892
Sorry, I had the PDF cached.
> -Original Message-
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+steve_medin=symantec@lists.mozilla.org] On Behalf Of
> urijah--- via dev-security-policy
>
I took a stab at trying to grok this. I find I have more questions and a
lot more concerns the more I read though. Please let me know if I'm not
the only one having issues decoding the responses. Here's my first
impressions:
RA & EV:
Were all the certificates issued by the RAs uploaded to a CT
On 05/15/2017 09:32 AM, Jakob Bohm wrote:
> This won't work for the *millions* of legitimate, not-misissued,
> end certificates that were issued before Symantec began SCT
> embedding (hopefully in the past) and haven't expired before such
> an early deadline.
>
Sorry, I could have been more
The link in footnote [1]
https://www.idmanagement.gov/IDM/servlet/fileField?entityId=ka0t000Gmi3AAC=File__Body__s
gives me a 404 error.
On Monday, May 15, 2017 at 11:09:41 AM UTC-4, Steve Medin wrote:
> Gerv,
>
> Our response to the recent questions is posted at:
>
Here are the changes we are requesting to be made on Friday, May 19, at 1pm PDT.
1) https://mozillacacommunity.force.com/
will be changed to
https://ccadb.force.com/
(This is the CA login page, and the domain CAs see when they are logged into
the CCADB)
2)
Symantec logs TLS server certificates that are intended to be trusted by Chrome
to Certificate Transparency logs. Symantec does not systematically log other
certificate types to CT, including Class 1, Class 2 and other types of user
certificates.
The Adobe Approved Trust List intermediate CA
> -Original Message-
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+steve_medin=symantec@lists.mozilla.org] On Behalf Of Ryan
> Sleevi via dev-security-policy
> Sent: Tuesday, April 25, 2017 6:50 PM
> To: Ryan Sleevi
> Cc:
On Mon, May 15, 2017 at 10:18 AM, Alex Gaynor via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Once upon a time I would have said "yes, we should totally encourage people to
> lovingly craft their perfect trust store, to reduce their risk profile".
> Now, not so much.
>
> As
Gerv,
Our response to the recent questions is posted at:
https://bugzilla.mozilla.org/attachment.cgi?id=8867735
Kind regards,
Steve
> -Original Message-
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+steve_medin=symantec@lists.mozilla.org] On Behalf Of
> Gervase
It's useful to note that Outlook 2007 leaves extended support on October 10.
(That deadline has been extended a few times, I believe, but this should be the
final date.)
https://support.microsoft.com/en-us/help/3198497/office-2007-approaching-end-of-extended-support
On Monday, May 15, 2017 at
Once upon a time I would have said "yes, we should totally encourage people to
lovingly craft their perfect trust store, to reduce their risk profile".
Now, not so much.
As we've seen in numerous discussions, customers of CAs, particularly large
enterprises and vendors (think payment terminals) love
> -Original Message-
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+doug.beattie=globalsign@lists.mozilla.org] On Behalf Of Kurt
> Roeckx via dev-security-policy
> Sent: Monday, May 15, 2017 9:41 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re:
On 2017-05-15 15:38, Kurt Roeckx wrote:
On 2017-05-15 15:26, Gervase Markham wrote:
On 15/05/17 14:19, Doug Beattie wrote:
https://support.globalsign.com/customer/portal/articles/1216323
Thanks, Doug. There's no date on that doc - are you able to say when it
was written?
It says: Last
On 2017-05-15 15:26, Gervase Markham wrote:
On 15/05/17 14:19, Doug Beattie wrote:
https://support.globalsign.com/customer/portal/articles/1216323
Thanks, Doug. There's no date on that doc - are you able to say when it
was written?
It says: Last Updated: Aug 26, 2013 11:24AM EDT
Kurt
On 15/05/2017 15:26, Gervase Markham wrote:
On 15/05/17 14:19, Doug Beattie wrote:
https://support.globalsign.com/customer/portal/articles/1216323
Thanks, Doug. There's no date on that doc - are you able to say when it
was written?
Gerv
I believe it is a "live" doc, that was regularly
On 15/05/2017 15:19, Gervase Markham wrote:
On 12/05/17 09:18, Cory Benfield wrote:
I try not to decide whether there is interest in features like this:
if they’re easy I’d just implement them and let users decide if they
want it. That’s what I’d be inclined to do here. If Mozilla added
such a
On 13/05/2017 12:27, Michael Casadevall wrote:
On 05/11/2017 09:53 AM, Jonathan Rudenberg via dev-security-policy wrote:
On May 10, 2017, at 11:52, Gervase Markham via dev-security-policy
wrote:
I would appreciate people's comments on the details of
On 15/05/17 14:19, Doug Beattie wrote:
> https://support.globalsign.com/customer/portal/articles/1216323
Thanks, Doug. There's no date on that doc - are you able to say when it
was written?
Gerv
___
dev-security-policy mailing list
On 12/05/17 09:18, Cory Benfield wrote:
> I try not to decide whether there is interest in features like this:
> if they’re easy I’d just implement them and let users decide if they
> want it. That’s what I’d be inclined to do here. If Mozilla added
> such a flag, I’d definitely be open to adding
> -Original Message-
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+doug.beattie=globalsign@lists.mozilla.org] On Behalf Of
> Gervase Markham via dev-security-policy
> Sent: Monday, May 15, 2017 9:16 AM
> To: Jakob Bohm ;
On 15/05/17 12:54, Kurt Roeckx wrote:
> At least it's technically constrained.
Ah yes, you are right. Not nearly such an issue, then.
Gerv
On 15/05/17 14:07, Jakob Bohm wrote:
> 1. Microsoft's e-mail clients were very late to accept stronger
> signature algorithms for e-mails (including e-mails sent by users of
> non-problematic e-mail clients). I believe Globalsign's page about
> SHA256-transition for customers provides a
Right. Not very recently: in October 2016;
it is technically-constrained, and expires this October.
On 15/05/2017 12:52, Gervase Markham
via dev-security-policy wrote:
Also, am I right in thinking that Actalis has recently cross-signed
On 2017-05-15 13:40, Gervase Markham wrote:
* (Q13) Many CAs plan to stop issuing SHA-1 S/MIME by the end of this
year. CAs without a firm date are: Comodo, GlobalSign, SECOM, TWCA, and
Visa. A couple of these CAs hint that an industry deadline to stop would
help their customers see the need to
On 2017-05-15 12:52, Gervase Markham wrote:
Symantec never received any formal audits from UniCredit; I am trying to
get hold of the informal ones. Their participation in the GeoRoot
program started in January 2012:
https://crt.sh/?CN=UniCredit+Subordinate+External
So both organizations had
With two exceptions (neither of which have the websites trust bit set),
all answers are now in from the April 2017 CA Communication. You can
find links to the answers here:
https://wiki.mozilla.org/CA/Communications#April_2017_Responses
Some highlights for the community's attention:
* (Q1) It
Hi all,
One of the CA Communication questions was about the Problem Reporting
Mechanisms that CAs are supposed to have. The answers are here:
https://mozillacaprogram.secure.force.com/Communications/CACommResponsesOnlyReport?CommunicationId=a05o03WrzBC=Q00028
I would love it if someone would
Symantec have supplied the audits for their GeoRoot partner "Aetna":
https://bug1334377.bmoattachments.org/attachment.cgi?id=8867397
https://bug1334377.bmoattachments.org/attachment.cgi?id=8867398
The community might find them interesting reading. These audits are the
only ones Symantec received