On Mon, Jan 15, 2018 at 4:54 PM, Eric Mill wrote:
> I can only go on what's on the public list, but if it is as it appears and
> GS proactively researched their offering, identified a similar weakness via
> a separate BR method, and voluntarily turned off their implementation
On Mon, Jan 15, 2018 at 4:40 PM, Doug Beattie
wrote:
>
>
>
>
> *From:* Ryan Sleevi [mailto:r...@sleevi.com]
> *Sent:* Monday, January 15, 2018 4:14 PM
> *To:* Doug Beattie
> *Cc:* r...@sleevi.com;
On Mon, Jan 15, 2018 at 4:22 PM, Ryan Sleevi wrote:
>
>
> On Mon, Jan 15, 2018 at 4:11 PM, Eric Mill via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> That said, GlobalSign's offer to cut certificate lifetimes down to X
>> months
>> during the
From: Ryan Sleevi [mailto:r...@sleevi.com]
Sent: Monday, January 15, 2018 4:14 PM
To: Doug Beattie
Cc: r...@sleevi.com; mozilla-dev-security-pol...@lists.mozilla.org; Gervase
Markham ; Wayne Thayer
Subject: Re: Possible Issue
On Mon, Jan 15, 2018 at 4:11 PM, Eric Mill via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> That said, GlobalSign's offer to cut certificate lifetimes down to X months
> during the short-term, and to make sure OneClick is disabled within Y
> months from now, seems like a
On Mon, Jan 15, 2018 at 3:36 PM, Doug Beattie via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Ryan,
>
> I’m not sure where we go from here.
As suggested, we encourage you to work on devising technical mitigations or
alternative methods of validating such certificates
On Mon, Jan 15, 2018 at 2:30 PM, Ryan Sleevi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Mon, Jan 15, 2018 at 1:18 PM, Doug Beattie >
> wrote:
>
> >
> > - The potential risk in maintaining this whitelist, given both the
> >
> -Original Message-
> From: Nick Lamb [mailto:n...@tlrmx.org]
> Sent: Monday, January 15, 2018 2:39 PM
>
> > - Total number of active OneClick customers: < 10
>
> What constitutes a OneClick customer in this sense?
These are web hosting companies that receive certificates for
Ryan,
I’m not sure where we go from here. We have customers that need certificates
and they have demonstrated they can comply with not permitting the creation and
use of certificates for domains other than those that the hosting company is
hosting for that customer. All certificates will
On Mon, 15 Jan 2018 18:18:10 +
Doug Beattie via dev-security-policy
wrote:
> - Total number of active OneClick customers: < 10
What constitutes a OneClick customer in this sense?
The focus of concern for tls-sni-01 was service providers who
On Mon, Jan 15, 2018 at 1:18 PM, Doug Beattie
wrote:
>
>
>
>
> *From:* Ryan Sleevi [mailto:r...@sleevi.com]
> *Sent:* Friday, January 12, 2018 5:53 PM
> *To:* Doug Beattie
> *Cc:* Wayne Thayer ; Gervase Markham <
>
From: Ryan Sleevi [mailto:r...@sleevi.com]
Sent: Friday, January 12, 2018 5:53 PM
To: Doug Beattie
Cc: Wayne Thayer ; Gervase Markham ;
r...@sleevi.com; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Possible Issue
Sleevi,
Valid point, no intention to confuse, I have no current affiliation with
GlobalSign, though I once did.
The documentation that described the protocol seems to no longer be online,
the behavior is observable and has been discussed in the validation working
group within the CABFORUM so it
On 14/01/18 21:32, jacob.hoffmanandr...@gmail.com wrote:
> We discussed a similar approach (using CAA) on our community forum,
> and concluded we don't want to pursue it at this time:
> https://community.letsencrypt.org/t/tls-sni-via-caa/50172. The TXT
> record would probably work more widely than
14 matches
Mail list logo