Re: Status of the bugzilla bug list

2020-05-22 Thread Wayne Thayer via dev-security-policy
I'd just like to add or reinforce a few points based on my approach to managing open incident bugs: * I have leaned heavily to the side of leaving bugs open if there is the potential for additional questions, and always if there are any incomplete remediations. This means that bugs do tend to

Re: GoDaddy: Failure to revoke certificate with compromised key within 24 hours

2020-05-22 Thread Nick Lamb via dev-security-policy
On Fri, 22 May 2020 22:48:42 + Daniela Hood via dev-security-policy wrote: > Hello, > > Thank you for all the comments in this thread. We filed an incident > report related to the revocation timing that can be followed here: > https://bugzilla.mozilla.org/show_bug.cgi?id=1640310. We also

RE: GoDaddy: Failure to revoke certificate with compromised key within 24 hours

2020-05-22 Thread Daniela Hood via dev-security-policy
Hello, Thank you for all the comments in this thread. We filed an incident report related to the revocation timing that can be followed here: https://bugzilla.mozilla.org/show_bug.cgi?id=1640310. We also identified the error in revocation reason as a user error, corrected the error and

Re: CA Issuer AIA URL content types

2020-05-22 Thread Ryan Sleevi via dev-security-policy
I believe you’ve still implied, even in this reply, that this is something serious or important. I see no reason to believe that is the case, and I wasn’t sure if there was anything more than a “Here’s a SHOULD and here’s people not doing it,” which doesn’t seem that useful to me. On Fri, May 22,

Re: CA Issuer AIA URL content types

2020-05-22 Thread Hanno Böck via dev-security-policy
Hi, On Fri, 22 May 2020 09:55:22 -0400 Ryan Sleevi via dev-security-policy wrote: > Could you please cite more specifically what you believe is wrong > here? This is only a SHOULD level requirement. I think I said that more or less: > > I'm not going to file individual reports for the CAs.

Re: Digicert issued certificate with let's encrypts public key

2020-05-22 Thread Ben Wilson via dev-security-policy
Thanks, Corey. I've added this as a matter to consider in a future version of the Root Store Policy. https://github.com/mozilla/pkipolicy/issues/215 On Thu, May 21, 2020 at 7:23 PM Corey Bonnell via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > While I realize the current

Re: Non-DER certificate (PKCS #7) in CA Issuers AIA field

2020-05-22 Thread Ryan Sleevi via dev-security-policy
On Fri, May 22, 2020 at 5:12 AM Kurt Roeckx via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Fri, May 22, 2020 at 10:38:34AM +0200, Hanno Böck via > dev-security-policy wrote: > > Just reported this to Chunghwa Telecom Co., Ltd.: > > > > -- > > > > I'm

Re: CA Issuer AIA URL content types

2020-05-22 Thread Ryan Sleevi via dev-security-policy
Hanno, Could you please cite more specifically what you believe is wrong here? This is only a SHOULD level requirement. Are you aware of any clients that enforce or even check the mime type for these requests? I am not, nor am I aware of any issues deviating from the SHOULD would present. On

RE: CA Issuer AIA URL content types

2020-05-22 Thread Juan Ángel Martín via dev-security-policy
Hi, we've checked it and we will update it soon. Thank you very much Juan Ángel From: dev-security-policy on behalf of Hanno Böck via dev-security-policy Sent: Friday, 22 May 2020 10:27 To: mozilla-dev-security-pol...@lists.mozilla.org Subject: CA

Re: Non-DER certificate (PKCS #7) in CA Issuers AIA field

2020-05-22 Thread Kurt Roeckx via dev-security-policy
On Fri, May 22, 2020 at 10:38:34AM +0200, Hanno Böck via dev-security-policy wrote: > Just reported this to Chunghwa Telecom Co., Ltd.: > > -- > > I'm contacting you about a problem with the certificate for > *.hinet.net, as it can be found here [1]. > > The Authority Information

Non-DER certificate (PKCS #7) in CA Issuers AIA field

2020-05-22 Thread Hanno Böck via dev-security-policy
Just reported this to Chunghwa Telecom Co., Ltd.: -- I'm contacting you about a problem with the certificate for *.hinet.net, as it can be found here [1]. The Authority Information Access / CA Issuers field points to: http://repository.publicca.hinet.net/certs/IssuedToThisCA.p7b

CA Issuer AIA URL content types

2020-05-22 Thread Hanno Böck via dev-security-policy
Hi, Doing some analysis on the AIA CA Issuer field I checked the content types the certificates are served. These are the AIA issuer fields in the top 1 from the alexa list, so this is incomplete. According to RFCs application/pkix-cert is the only correct content-type. However the majority
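The two threads above ("Non-DER certificate (PKCS #7) in CA Issuers AIA field" and "CA Issuer AIA URL content types") both come down to one check: what does the body served from a caIssuers URL actually contain, and does the Content-Type header agree with it? RFC 5280 §4.2.2.1 permits an HTTP caIssuers URL to return either a single DER-encoded certificate or a "certs-only" CMS (PKCS #7) message; RFC 2585 registers application/pkix-cert for the former, and application/pkcs7-mime is the S/MIME type used for the latter. The following is an added, stdlib-only example written for this page, not code posted by anyone in the thread. It sniffs the DER shape of a fetched body (outer SEQUENCE whose first element is a SEQUENCE for a certificate, or the signedData OID for a CMS message), and reports a mismatch against the Content-Type. The byte strings are constructed minimal skeletons, not real certificates, and the function names are this example's own.

```python
"""Classify the body served at an AIA caIssuers URL and compare it to the
Content-Type header. Added example (not from the mailing-list thread).
Pure standard library; no network access is needed to run it."""

# DER encoding of OID 1.2.840.113549.1.7.2 (id-signedData), tag + length + value.
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")

# Media type expected for each body kind, per RFC 2585 (pkix-cert) and S/MIME (pkcs7-mime).
EXPECTED_CONTENT_TYPE = {
    "der-certificate": "application/pkix-cert",
    "pkcs7-signed-data": "application/pkcs7-mime",
}


def _der_tlv(buf: bytes, pos: int = 0):
    """Return (tag, header_len, content_len) for the element at pos.

    content_len is None for a BER indefinite length (0x80); returns None
    when the header is truncated or uses an unreasonably long length field."""
    if pos + 2 > len(buf):
        return None
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        return tag, 2, first
    if first == 0x80:
        return tag, 2, None
    n = first & 0x7F
    if n > 4 or pos + 2 + n > len(buf):
        return None
    return tag, 2 + n, int.from_bytes(buf[pos + 2 : pos + 2 + n], "big")


def classify_body(body: bytes) -> str:
    """Return 'pem', 'der-certificate', 'pkcs7-signed-data' or 'unknown'.

    This is a structural sniff, not a validator: it looks only at the outer
    SEQUENCE and its first child, which is enough to tell a bare certificate
    (SEQUENCE { SEQUENCE tbsCertificate ... }) from a CMS ContentInfo
    (SEQUENCE { OID id-signedData, [0] ... })."""
    if body.lstrip().startswith(b"-----BEGIN "):
        return "pem"  # RFC 5280 wants DER/BER here, so PEM is itself a finding
    outer = _der_tlv(body)
    if outer is None or outer[0] != 0x30:
        return "unknown"
    _, hdr, length = outer
    inner = _der_tlv(body, hdr)
    if inner is None:
        return "unknown"
    itag, ihdr, ilen = inner
    if itag == 0x06 and ilen is not None and body[hdr : hdr + ihdr + ilen] == SIGNED_DATA_OID:
        return "pkcs7-signed-data"  # BER indefinite outer length is allowed for CMS
    if itag == 0x30 and length is not None and hdr + length == len(body):
        return "der-certificate"  # a single certificate must be definite-length DER
    return "unknown"


def check(content_type: str, body: bytes):
    """Return (kind, findings). findings is empty when body and header agree."""
    kind = classify_body(body)
    ctype = content_type.split(";")[0].strip().lower()  # drop parameters such as smime-type=
    findings = []
    if kind == "pem":
        findings.append("body-is-pem")
    elif kind == "unknown":
        findings.append("body-not-der")
    else:
        expected = EXPECTED_CONTENT_TYPE[kind]
        if ctype != expected:
            findings.append(f"content-type-mismatch: got {ctype or '<none>'}, expected {expected}")
    return kind, findings


# Constructed skeletons (hypothetical, not real certificates):
# SEQUENCE { SEQUENCE { INTEGER 2 }, SEQUENCE {}, BIT STRING }
DER_CERT_SKELETON = b"\x30\x0b" + b"\x30\x03\x02\x01\x02" + b"\x30\x00" + b"\x03\x02\x00\xff"
# SEQUENCE { OID id-signedData, [0] EXPLICIT { SEQUENCE {} } }
P7B_SKELETON = b"\x30\x0f" + SIGNED_DATA_OID + b"\xa0\x02\x30\x00"
PEM_SAMPLE = b"-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    # Header/body pairs as a crawler such as the one in the thread might record them.
    samples = [
        ("application/pkix-cert", DER_CERT_SKELETON),
        ("application/pkcs7-mime; smime-type=certs-only", P7B_SKELETON),
        ("application/octet-stream", P7B_SKELETON),
        ("text/plain", PEM_SAMPLE),
    ]
    for ctype, body in samples:
        print(ctype, "->", check(ctype, body))
```

In practice the body and header come from an HTTP GET of the caIssuers URL taken from the certificate's Authority Information Access extension; the classifier deliberately treats a mismatch as a report to raise with the CA rather than a reason to reject the chain, which matches the thread's point that clients do not enforce the media type.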