Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-22 Thread Leo Grove via dev-security-policy
On Thursday, August 22, 2019 at 5:50:35 PM UTC-5, Ronald Crane wrote: > On 8/22/2019 1:43 PM, kirkhalloregon--- via dev-security-policy wrote: > > I can tell you that anti-phishing services and browser phishing filters > > have also concluded that EV sites are very unlikely to be phishing >

Re: GlobalSign: SSL Certificates with US country code and invalid State/Prov

2019-08-22 Thread Jeremy Rowley via dev-security-policy
I only know because I was looking at this issue tonight as well to add an update later to the joi bug I posted.

Re: GlobalSign: SSL Certificates with US country code and invalid State/Prov

2019-08-22 Thread Jeremy Rowley via dev-security-policy
It's a trap. I do wish memes showed up here. Censys shows something like 130 globalsign certs with abbreviated joi info. I think we show 16?

Jurisdiction of incorporation validation issue

2019-08-22 Thread Jeremy Rowley via dev-security-policy
I posted this tonight: https://bugzilla.mozilla.org/show_bug.cgi?id=1576013. It's sort of an extension of the "some-state" issue, but with the incorporation information of an EV cert. The tl;dr of the bug is that sometimes the information isn't perfect because of user entry issues. What I was

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-22 Thread Ronald Crane via dev-security-policy
On 8/22/2019 1:43 PM, kirkhalloregon--- via dev-security-policy wrote: I can tell you that anti-phishing services and browser phishing filters have also concluded that EV sites are very unlikely to be phishing sites and so are safer for users. Whatever the merits of EV (and perhaps

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-22 Thread kirkhalloregon--- via dev-security-policy
On Monday, August 12, 2019 at 2:31:22 PM UTC-4, Wayne Thayer wrote: > Mozilla has announced that we plan to relocate the EV UI in Firefox 70, > which is expected to be released on 22-October. Details below. > > If the before and after images are stripped from the email, you can view > them here:

RE: CA handling of contact information when reporting problems

2019-08-22 Thread Jeremy Rowley via dev-security-policy
I'm not sure there should be a strict requirement that you can't provide that communication (sometimes there is good reason to get people talking together). However, we don't forward this information as policy because we like to get the reports. Anything that ends up stifling getting the

Re: CA handling of contact information when reporting problems

2019-08-22 Thread Matthew Hardeman via dev-security-policy
I'm merely a relying party and subscriber, but it seems quite unreasonable to believe that there is or should be any restriction upon a party to a business communication (which is what a report / complaint from a third party regarding key compromise, etc, is) from further dissemination of said

GlobalSign: SSL Certificates with US country code and invalid State/Prov

2019-08-22 Thread Doug Beattie via dev-security-policy
Today we opened a bug disclosing misissuance of some certificates that have invalid State/Prov values: https://bugzilla.mozilla.org/show_bug.cgi?id=1575880 On Tuesday August 20th 2019, GlobalSign was notified by a third party through the report abuse email address that two certificates

Re: For CAs: What makes a Good Incident Response?

2019-08-22 Thread Dean C via dev-security-policy
On Wednesday, August 21, 2019 at 3:43:21 PM UTC-4, Ryan Sleevi wrote: > (Apologies if this triple or quadruple posts. There appears to be some > hiccups somewhere along the line between my mail server and the m.d.s.p. > mail server and the Google Groups reflector) > > I've recently shared some

RE: CA handling of contact information when reporting problems

2019-08-22 Thread Tim Hollebeek via dev-security-policy
DigiCert currently has a policy of not publishing the names of those who report things to us without their permission. It just seems like the right thing to do. If we do find that people are abusing that protection to selectively harass people that they personally have issues with, we may need

RE: Use of Certificate/Public Key Pinning

2019-08-22 Thread Tim Hollebeek via dev-security-policy
So, pinning is an extremely complicated topic that I've always wanted to write a blog post about, but have never had the time to do it. It happens fairly regularly that we have to assist a company that has painted themselves into a corner with a poorly thought out pinning scheme. In my