(top posting for consistency)
It should also be noted that OV certificates are certainly not, and EV
certificates possibly not, limited to corporations in the legal sense of
each jurisdiction.
For starters in many jurisdictions, government entities are not
technically corporations and thus not l
Forgive my ignorance, but could you please explain what was your
ultimate goal, as "an attacker", what were you hoping to gain and how
could you use this against Relying Parties?
I read your email several times but I could not easily find a case where
your fake address creates any serious co
On Thu, Sep 27, 2018 at 10:39 PM Tim Hollebeek
wrote:
> I'm glad you added the smiley, because in my experience CAs have rarely,
> if ever, have had any discretion in such matters.
That does not match reports from multiple former employees of various CAs.
Nor do we (DigiCert) particularly want
I'm glad you added the smiley, because in my experience CAs have rarely, if
ever, have had any discretion in such matters. Nor do we (DigiCert)
particularly want to, to be honest. I prefer clear, open, and transparent
validation rules that other CAs can't play games with.
Whitelisting and dis
> On Thu, 27 Sep 2018 14:52:27 +
> Tim Hollebeek via dev-security-policy
> wrote:
>
> > My personal impression is that by the time they are brought up here,
> > far too many issues have easily predicted and pre-determined outcomes.
>
> It is probably true that many issues have predictable o
Yes, it would be work, but would result in consistent and reliable
information, and already reflective of the fact that an EV certificate
needs to identify the jurisdictionOfIncorporation and it's incorporating
documents. Or are we saying that OV doesn't need to make sure it's actually
a valid and
A whitelist of QGIS sounds fairly difficult. And how long would it take to
adopt a new one?
In some states you're going to have an authority per county. It'd be a big
list.
On Thu, Sep 27, 2018 at 5:35 PM, Ian Carroll via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On
On Wednesday, September 26, 2018 at 6:12:22 PM UTC-7, Ryan Sleevi wrote:
> Thanks for raising this, Ian.
>
> The question and concern about QIIS is extremely reasonable. As discussed
> in past CA/Browser Forum activities, some CAs have extended the definition
> to treat Google Maps as a QIIS (it i
On Thu, 27 Sep 2018 14:52:27 +
Tim Hollebeek via dev-security-policy
wrote:
> My personal impression is that by the time they are brought up here,
> far too many issues have easily predicted and pre-determined outcomes.
It is probably true that many issues have predictable outcomes but I
thi
Visa has filed a bug [1] requesting removal of the eCommerce root from the
Mozilla root store. Visa has also responded to the information requested in
the qualified audits bug [2], but it's unclear if or when they will respond
to the issues list presented in this thread. Two weeks have passed since
A few additional points:
First off, thank you Rob and James for calling out unacceptable list
behavior. Personal attacks will not be tolerated from anyone on this list.
On Thu, Sep 27, 2018 at 10:26 AM Ryan Sleevi wrote:
>
> On Thu, Sep 27, 2018 at 11:17 AM Jeremy Rowley
> wrote:
>
>> Oh – I t
On Thu, Sep 27, 2018 at 11:17 AM Jeremy Rowley
wrote:
> Oh – I totally agree with you on the Google inclusion issue. Google meets
> the requirements for inclusion in Mozilla’s root policy so there’s no
> reason to exclude them. They have an audited CPS, support a community
> broader with certs th
Maybe Jake’s opinion is not being discarded as readily as I supposed. However,
Jake’s last message left me disturbed that he didn’t feel listened to.
Apologies if I’m overblowing the issue, which are definitely hypothetical at
this point. I did want Jake to feel like his input is an important pa
Oh – I totally agree with you on the Google inclusion issue. Google meets the
requirements for inclusion in Mozilla’s root policy so there’s no reason to
exclude them. They have an audited CPS, support a community broader with certs
than just Google, and have operated a CA without problems in th
> The question and concern about QIIS is extremely reasonable. As discussed in
> past CA/Browser Forum activities, some CAs have extended the definition to
> treat Google Maps as a QIIS (it is not), as well as third-party WHOIS services
> (they’re not; that’s using a DTP).
It's worth noting that
Speaking for myself ...
My personal impression is that by the time they are brought up here, far too
many issues have easily predicted and pre-determined outcomes.
I know most of the security and key management people for the payment
industry very well [1], and they're good people. The discussio
Richard,
Unfortunately Gerv is no longer with us, so he cannot respond to this
accusation. Having been involved in many discussions on m.d.s.p and with
Gerv directly, I am very sure Gerv deeply owned the decisions on StartCom
and WoSign. It was by no means Ryan telling Gerv or Mozilla what to do
It is unfair that somebody attacked me in the WoSign sanction discussion, but
no body say any word for this! Why? Due to Ryan is famous person and I am
nobody?
Best Regards,
Richard Wang
On Sep 27, 2018, at 18:24, James Burton mailto:j...@0.me.uk>>
wrote:
Richard,
Your conduct is totally u
On Wed, 26 Sep 2018 23:02:45 +0100
Nick Lamb via dev-security-policy
wrote:
> Thinking back to, for example, TSYS, my impression was that my post on
> the Moral Hazard from granting this exception had at least as much
> impact as you could expect for any participant. Mozilla declined to
> authori
Richard,
Your conduct is totally unacceptable and won’t be tolerated. You must read
the forum rules regarding etiquette.
Also I suggest you apologise to Ryan.
James
On Thu, 27 Sep 2018 at 10:33, Rob Stradling via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Richard,
Richard,
You might like to familiarize yourself with the Mozilla Forum Etiquette
Ground Rules:
https://www.mozilla.org/en-US/about/forums/etiquette/
Note this in particular:
"Be civil.
No personal attacks. Do not feel compelled to defend your honor in
public. Posts containing personal attacks m
Hi Wayne
All problems have already been resolved from our side and we wait for the
PIT audit planned for the next week.
We will be able to provide the PIT before October 31th.
Best regards
Ramiro Muñoz Muñoz
AC Camerfirma SA.
CTO, Exploitation Manager, CISA.
+34 619 746 291 · rami...@camerfirma
22 matches
Mail list logo