On Tuesday, December 18, 2018 at 2:44:22 AM UTC-8, Matt Palmer wrote:
> Hi all,
>
> I'd like to make everyone aware of a service I've just stood up, called
> pwnedkeys.com. It's intended to serve as a clearinghouse of known-exposed
> private keys, so that services that accept public keys from ext
On Tue, Dec 18, 2018 at 6:52 PM Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Ballot 202 failed. I’m not sure how it’s relevant other than to indicate
> there was definite disagreement about whether underscores were permitted or
> not. As previously mentio
Yeah – I’ll be providing an accurate incident report (working on gathering all
the information). The incident report assumes we don’t revoke of course.
Revocation is still on the table. However, I wanted to start the conversation
with everything I know so far:
1) ~2200 certs
2) Roughly 15 c
Jeremy,
It seems like any answer for what it "might" look like if a CA violated the
BRs in a particular way is going to be predicated on what the incident
report says. In the case of a hypothetical like this, it seems like the
hypothetical incident report would discuss what is planned or proposed,
On Tue, Dec 18, 2018 at 3:47 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> Removing the "underscore mandatory" and "specific name X_Y mandatory" rules
> from deployed systems without introducing security holes takes more than the
> 1 month they have
On 18/12/2018 18:15, Ryan Sleevi wrote:
> On Tue, Dec 18, 2018 at 8:19 AM Jakob Bohm via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> On 10/12/2018 18:09, Ryan Sleevi wrote:
>>> On Mon, Dec 10, 2018 at 6:16 AM Buschart, Rufus via dev-security-policy <
>>> dev-security
The total number of certs impacted is about 2200. Just more info.
-Original Message-
From: dev-security-policy On
Behalf Of Jeremy Rowley via dev-security-policy
Sent: Tuesday, December 18, 2018 3:28 PM
To: mozilla-dev-security-policy
Subject: Underscore characters
We're looking at the
We're looking at the feasibility of replacing the certificates with
underscore characters by Jan 15th. Revoking all of the certificates will
cause pretty bad outages. We're prepared to revoke them but would like to
discuss (before the date) what should happen if we don't revoke. There are
about 15
Forwarded Message
Subject: Summary of December 2018 Audit Reminder Emails
Date: Tue, 18 Dec 2018 20:00:20 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
TrustCor RootCert CA-2
TrustCor RootCert CA-1
TrustCor ECA-1
Standard Audit:
http://www.cpacanada.ca/Generic
On Tue, Dec 18, 2018 at 1:53 PM Tim Hollebeek wrote:
> The problem is that the attackers get to choose the CA they use, so
> multi-perspective validation doesn't provide any benefits unless everyone
> has to do it.
>
> I brought it up several times at the validation working group and as a
> discu
The problem is that the attackers get to choose the CA they use, so
multi-perspective validation doesn't provide any benefits unless everyone
has to do it.
I brought it up several times at the validation working group and as a
discussion topic at the Shanghai face to face, but unfortunately there
On Tue, Dec 18, 2018 at 8:19 AM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 10/12/2018 18:09, Ryan Sleevi wrote:
> > On Mon, Dec 10, 2018 at 6:16 AM Buschart, Rufus via dev-security-policy <
> > dev-security-policy@lists.mozilla.org> wrote:
> >
> >> Hell
On Tue, Dec 18, 2018 at 7:41 AM Rob Stradling wrote:
> On 14/12/2018 21:06, Wayne Thayer via dev-security-policy wrote:
>
> > I think it's worth calling out that Let's Encrypt has implemented what
> > appears to be a relatively simple mitigation:
> >
> https://community.letsencrypt.org/t/edns-bu
On 10/12/2018 18:09, Ryan Sleevi wrote:
> On Mon, Dec 10, 2018 at 6:16 AM Buschart, Rufus via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> Hello!
>>
>> It would be helpful, if the CA/B or Mozilla could publish a document on
>> its web pages to which we can redirect ou
On 14/12/2018 21:06, Wayne Thayer via dev-security-policy wrote:
> I think it's worth calling out that Let's Encrypt has implemented what
> appears to be a relatively simple mitigation:
> https://community.letsencrypt.org/t/edns-buffer-size-changing-to-512-bytes/77945
Sectigo implemented this sam
Hi all,
I'd like to make everyone aware of a service I've just stood up, called
pwnedkeys.com. It's intended to serve as a clearinghouse of known-exposed
private keys, so that services that accept public keys from external
entities (such as -- relevant to mdsp's interests -- CAs) can make one cal