On Tue, Mar 13, 2018 at 11:26 AM, Kai Engert wrote:
> On 13.03.2018 15:59, Peter Bowen wrote:
> >>
> >> Which companies, other than Apple and Google, benefit from DigiCert
> >> running the Manager Partner Infrastructure and from DigiCert being part
> >> of the exclusion list?
> >
> > An unlimited
On Tuesday, March 13, 2018 at 2:02:45 PM UTC-7, Ryan Sleevi wrote:
> I'm hoping that LE can provide more details about the change management
> process and how, in light of this incident, it may change - both in terms
> of automated testing and in certificate policy review.
Forgot to reply to this
On Tue, Mar 13, 2018 at 4:02 PM, Ryan Sleevi wrote:
>
>
> On Tue, Mar 13, 2018 at 4:13 PM, Matthew Hardeman via dev-security-policy
> wrote:
>
>> I am not at all suggesting consequences for Let's Encrypt, but rather
>> raising a question as to whether that position on new inclusions /
>> renewal
On Tuesday, March 13, 2018 at 2:02:45 PM UTC-7, Ryan Sleevi wrote:
> availability of certificate linting tools - such as ZLint, x509Lint,
> (AWS's) certlint, and (GlobalSign's) certlint - there's no dearth of
> availability of open tools and checks. Given the industry push towards
> integration of
On Tue, Mar 13, 2018 at 4:13 PM, Matthew Hardeman via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I am not at all suggesting consequences for Let's Encrypt, but rather
> raising a question as to whether that position on new inclusions / renewals
> is appropriate. If thes
The fact that this mis-issuance occurred does raise a question for the
community.
For quite some time, it has been repeatedly emphasized that maintaining a
non-trusted but otherwise identical staging environment and practicing all
permutations of tests and issuances -- especially involving new
fun
As I didn't write the blog post, I certainly can't speak to the
intent
The intent of the blog post was to let folks know about an error they
may encounter when Firefox 60 goes into Beta. And to have a place to
point folks to if they run into the error and ask about it.
It was *not* our in
On Tue, Mar 13, 2018 at 11:50 AM, Ryan Sleevi wrote:
>
>
> On Tue, Mar 13, 2018 at 11:26 AM, Kai Engert wrote:
>
>> On 13.03.2018 15:59, Peter Bowen wrote:
>> >>
>> >> Which companies, other than Apple and Google, benefit from DigiCert
>> >> running the Manager Partner Infrastructure and from Di
On 13.03.2018 15:59, Peter Bowen wrote:
>>
>> Which companies, other than Apple and Google, benefit from DigiCert
>> running the Manager Partner Infrastructure and from DigiCert being part
>> of the exclusion list?
>
> An unlimited set. Any company who purchases a certificate from
> DigiCert that
On Tue, Mar 13, 2018 at 10:52 AM, Peter Bowen wrote:
> On Tue, Mar 13, 2018 at 7:19 AM, Kai Engert via dev-security-policy
> wrote:
> > On 13.03.2018 14:59, Ryan Sleevi wrote:
> >> the blog post says, the subCAs controlled by Apple and Google are
> the
> >> ONLY exceptions.
> >>
> >>
On Tue, Mar 13, 2018 at 7:55 AM, Kai Engert via dev-security-policy
wrote:
> On 13.03.2018 15:35, Ryan Sleevi via dev-security-policy wrote:
>>
>>> Are the DigiCert transition CAs, which are part of the exclusion list,
>>> and which you say are used for "Managed Partner Infrastructure",
>>> strict
On Tue, Mar 13, 2018 at 10:55 AM, Kai Engert wrote:
> On 13.03.2018 15:35, Ryan Sleevi via dev-security-policy wrote:
> >
> >> Are the DigiCert transition CAs, which are part of the exclusion list,
> >> and which you say are used for "Managed Partner Infrastructure",
> >> strictly limited to supp
On 13.03.2018 15:35, Ryan Sleevi via dev-security-policy wrote:
>
>> Are the DigiCert transition CAs, which are part of the exclusion list,
>> and which you say are used for "Managed Partner Infrastructure",
>> strictly limited to support the needs of the Apple and Google companies?
>
>
> No.
I
On Tue, Mar 13, 2018 at 7:19 AM, Kai Engert via dev-security-policy
wrote:
> On 13.03.2018 14:59, Ryan Sleevi wrote:
>> the blog post says, the subCAs controlled by Apple and Google are the
>> ONLY exceptions.
>>
>> However, the Mozilla Firefox code also treats certain DigiCert subCAs
On Tue, Mar 13, 2018 at 10:19 AM, Kai Engert via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 13.03.2018 14:59, Ryan Sleevi wrote:
> > the blog post says, the subCAs controlled by Apple and Google are the
> > ONLY exceptions.
> >
> > However, the Mozilla Fir
On 13.03.2018 14:59, Ryan Sleevi wrote:
> the blog post says, the subCAs controlled by Apple and Google are the
> ONLY exceptions.
>
> However, the Mozilla Firefox code also treats certain DigiCert subCAs as
> exceptions.
>
> Based on Ryan Sleevi's recent comments on this list
On Tue, Mar 13, 2018 at 8:36 AM, Kai Engert via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 12.03.2018 22:19, Kathleen Wilson via dev-security-policy wrote:
> > Wayne and I have posted a Mozilla Security Blog regarding the current
> > plan for distrusting the Symantec
On 12.03.2018 22:19, Kathleen Wilson via dev-security-policy wrote:
> Wayne and I have posted a Mozilla Security Blog regarding the current
> plan for distrusting the Symantec TLS certs.
>
> https://blog.mozilla.org/security/2018/03/12/distrust-symantec-tls-certificates/
Hello Kathleen and Wayne,
On Tuesday, March 13, 2018 at 3:33:50 AM UTC-5, Tom wrote:
> > During final tests for the general availability of wildcard
> certificate support, the Let's Encrypt operations team issued six test
> wildcard certificates under our publicly trusted root:
> >
> > https://crt.sh/?id=353759994
> >
Same question. Does this mean the key used to sign the digicert roots is
subject to the distrust without exception?
> On Mar 13, 2018, at 1:36 PM, Kai Engert via dev-security-policy
> wrote:
>
>> On 12.03.2018 22:19, Kathleen Wilson via dev-security-policy wrote:
>> Wayne and I have posted a M
On 12.03.2018 22:19, Kathleen Wilson via dev-security-policy wrote:
> Wayne and I have posted a Mozilla Security Blog regarding the current
> plan for distrusting the Symantec TLS certs.
>
> https://blog.mozilla.org/security/2018/03/12/distrust-symantec-tls-certificates/
Hello Kathleen and Wayne,
> During final tests for the general availability of wildcard
certificate support, the Let's Encrypt operations team issued six test
wildcard certificates under our publicly trusted root:
>
> https://crt.sh/?id=353759994
> https://crt.sh/?id=353758875
> https://crt.sh/?id=353757861
> https://crt
22 matches
Mail list logo