All,
I have had the tremendous opportunity to work with Gerv Markham on the
CA Program for many years, and am extremely grateful to Gerv for his
countless valuable and lasting contributions to the CA world.
Gerv has decided to step away from work at this time, to focus on his
family[1]. We
On Fri, Feb 16, 2018 at 3:41 PM, Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I have begun work on version 2.6 of the Root Store Policy by drafting some
> changes that are [I hope] uncontroversial. The diff can be viewed at
>
I have begun work on version 2.6 of the Root Store Policy by drafting some
changes that are [I hope] uncontroversial. The diff can be viewed at
https://github.com/mozilla/pkipolicy/compare/2.6
The changes I have already drafted are:
- Require disclosure of email validation practices in CPS
On Fri, 16 Feb 2018 08:15:10 -0800
> Given this group focused on Mozilla, it is likely out of scope to
> discuss Chromium design. I do suggest you look at
> https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html
> It seems reasonably clear the marking is per top level page
On Fri, Feb 16, 2018 at 3:34 AM, Kevin Chadwick via
dev-security-policy wrote:
>
> On that subject I think the Chromium reported plan to label sites as
> insecure should perhaps be revised to page insecured or something more
> accurate?
Given this group
On Thu, Feb 15, 2018 at 6:34 AM, Kevin Chadwick wrote:
> The cookies etc. should be SSL only. Particular pages enforced, sure.
>
> Enforcing TLS with HSTS sitewide means that users with failed
> BIOS/laptop batteries have to know to reset their clock or get used to
>
On Thu, 15 Feb 2018 15:55:27 -0600
> I'm not sure this can be worked around. A setup where time is not
> pulled from the network is abnormal now, and most people who have such
> a system soon realize what the issue is.
OpenNTP has a constraint system but considering NTP is a latent,
insecure,
On Fri, 16 Feb 2018 11:28:41 +
Arkadiusz Ławniczak via dev-security-policy
wrote:
> The issue was caused by incorrect calculation of the SHA1
> fingerprint of the public key. Public key hashes stored in Certum's
> database were calculated from the
Hello ALL
Please find our incident report below.
1. How your CA first became aware of the problem and the time and date.
1) 3 February 2018, 12:06 CET - Certum receives the message from
ha...@hboeck.de to rev...@certum.pl.
2. A timeline of the actions CERTUM took in
On 15.02.2018 13:34, Kevin Chadwick wrote:
> Enforcing TLS with HSTS sitewide means that users with failed
> BIOS/laptop batteries have to know to reset their clock or get used to
> bypassing SSL warnings or use out of date browsers to access sites.
Firefox and many other browsers have their own