RE: Certificate with invalid dnsName issued from Baltimore intermediate

2017-07-24 Thread Ben Wilson via dev-security-policy
Nick,
We are in discussions with Intesa Sanpaolo about implementing/pursuing OneCRL or a similar approach (e.g. outright revocation of the CAs).
Thanks,
Ben
-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-bounces+ben=digicert@lists.mozilla.org] On Behalf Of

Re: Regarding CA requirements as to technical infrastructure utilized in automated domain validations, etc. (if any)

2017-07-24 Thread Matthew Hardeman via dev-security-policy
On Monday, July 24, 2017 at 2:49:20 AM UTC-5, Gervase Markham wrote:
> On 20/07/17 21:31, Ryan Sleevi wrote:
> > Broadly, yes, but there's unfortunately a shade of IP issues that make it
> > more difficult to contribute as directly as Gerv proposed. Gerv may accept
> > any changes to the Mozilla

Re: Regarding CA requirements as to technical infrastructure utilized in automated domain validations, etc. (if any)

2017-07-24 Thread Jakob Bohm via dev-security-policy
On 22/07/2017 02:38, birge...@princeton.edu wrote:
On Friday, July 21, 2017 at 5:06:42 PM UTC-5, Matthew Hardeman wrote:
It seems that a group of Princeton researchers just presented a live theoretical* misissuance by Let's Encrypt. They did a sub-prefix hijack via a technique other than

Re: Symantec Update on SubCA Proposal

2017-07-24 Thread Gervase Markham via dev-security-policy
Hi Rick,
Some more thoughts on your post. I continue to invite community commentary on the issues we are discussing.
On 21/07/17 07:00, Rick Andrews wrote:
> In our June 1 post, we stated that we would update the community after the
> end of the month.
Indeed. I was more referring to the

Re: Regarding CA requirements as to technical infrastructure utilized in automated domain validations, etc. (if any)

2017-07-24 Thread Gervase Markham via dev-security-policy
On 20/07/17 21:31, Ryan Sleevi wrote:
> Broadly, yes, but there's unfortunately a shade of IP issues that make it
> more difficult to contribute as directly as Gerv proposed. Gerv may accept
> any changes to the Mozilla side, but if the goal is to modify the Baseline
> Requirements, you'd need to