Hi Ryan
I am so sorry but is the same error.
CN NAME NOT INCLUDE IN THE SAN
Local IP ADRESS
Policy not upto date
Is clear for me and i understand.
All this error became from approuved authority. Is the risk no.
Then The ecosystem is not protected!
ANIS
Hi Ryan
just I want to remind you of these discussion and your opinion below
in some was different than you say here !!!
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/CfyeeybBz9c
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/K3sk5ZMv2DE
and
Every year the ca root will gave the official annual audit to mozilla who prove
the respect of norms. this audits made from a recognized auditors
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
Every year the ca root will gave the official annual audit to mozilla who prove
the respect of norms. this audits made from a recognized auditors
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
the risk still exists. for example a root ca included in mozilla and generates
nonconforming certificates. what to do???
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
Is a good idea to limited the ca root at first at code country or the TLD of
this country like .tr for turkey or .fr for France
In second step this ca root put the new request for they other domain or code
and this request take a profond and enforced check like 2 years of period.
for example there is some root not recognized by mozilla but recognized by
microsoft after an Etsi or webtrust audits
why not put a single recognition platform for all this will save time
___
dev-security-policy mailing list
we keep the checks and the audits according to cabf. We reduce the discussion
time to 6 months. After the inclusion is set a period of one year of compliance
testing. while controlling the certificates issued by this authority. we can
exclude the root ca in the next versions.
you do not notice
root CA inclusion procedures are very long, so do not simplify them to
encourage the certification culture.
for example give root the chance to be included for a period of one year during
this time it is decided that it remains or not while respecting the norms
course.
if in the course of this
Le dimanche 4 mars 2018 22:06:23 UTC+1, Eric Mill a écrit :
> Last week, Trustico (a reseller, formerly for Symantec and now for Comodo)
> sent 23,000 private keys to DigiCert, to force their revocation. This
> showed that Trustico had been storing customer keys generated through one
> or more
Le mercredi 19 juillet 2017 10:10:19 UTC+1, Aaron Wu a écrit :
> This request from the Government of Tunisia is to include the “Tunisian Root
> Certificate Authority - TunRootCA2” root certificate, and enable the Websites
> trust bit.
>
> The request is documented in the following bug:
>
11 matches
Mail list logo
