Re: GoDaddy: Failure to revoke certificate with compromised key within 24 hours

2020-06-03 Thread Cynthia Revström via dev-security-policy
Hi Daniela, Sorry if I am missing something, but what do you mean by "incorrect revocation reason"? The first sentence in the email sent to you by Sandy sounds pretty clear to me "Request you revoke the all certificate associated with this compromised key". Also I don't see how any of what you

Re: Policy Module Ownership

2020-01-22 Thread Cynthia Revström via dev-security-policy
Thank you Wayne for all you have done! From what I have seen in my limited experience with the MDSP, you have done an excellent job, and you will be missed. Good luck with whatever you are doing next! - Cynthia On Tue, Jan 21, 2020 at 11:10 PM Wayne Thayer via dev-security-policy <

Re: DNS records and delegation

2019-10-11 Thread Cynthia Revström via dev-security-policy
Hello, I just want to add that Let's Encrypt also allows for this (at least if I understand you correctly). The following is from https://letsencrypt.org/docs/challenge-types/
> Since Let’s Encrypt follows the DNS standards when looking up TXT records for DNS-01 validation, you can use

Re: Website owner survey data on identity, browser UIs, and the EV UI

2019-09-22 Thread Cynthia Revström via dev-security-policy
Kirk, may I remind you that Ryan Sleevi is posting in personal capacity here, as is the default on m.d.s.p unless otherwise specified. So please do not drag his employer into this discussion. Ryan Sleevi Peer of the CA Certificates Module ;

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-27 Thread Cynthia Revström via dev-security-policy
> Because no actual proof that DV versus EV makes no difference in the current (not ancient or anecdotal) situation has been posted.

To me that sounds like you are suggesting that we prove that nothing happened, which is pretty much impossible. Why don't you or the CAs offering EV prove

Re: DarkMatter Concerns

2019-07-17 Thread Cynthia Revström via dev-security-policy
I would like to point out that the recent appeal PDF posted on Bugzilla showed darkmatter.ae in the footer on page 2 and onwards. This further makes me believe that there is not much separation of the entities. - Cynthia On Wed, 17 Jul 2019, 01:29 Ronald Crane via dev-security-policy, <

Re: DarkMatter Concerns

2019-07-10 Thread Cynthia Revström via dev-security-policy
Hi Scott, Below is my personal view on it, I acknowledge that it is highly subjective. For one, people and companies in the UAE could get certs from non-UAE CAs. I live in Sweden, yet I have certs from Norwegian, British, and American CAs. Another issue I have is that I think there is a

Re: DarkMatter Concerns

2019-06-23 Thread Cynthia Revström via dev-security-policy
My view is a bit different, we have lots of CAs already, I think it is more important to be extra secure rather than to take unnecessary risks. While I do understand that Dark Matter's focus is on the UAE, I also have to say, as far as I am aware, there are multiple CAs that will issue certs to

Re: DarkMatter Concerns

2019-03-07 Thread Cynthia Revström via dev-security-policy
Exactly what I was thinking On 2019-03-07 09:21, Georg Koppen via dev-security-policy wrote: Benjamin Gabriel via dev-security-policy: Dear Ryan, A fair and transparent public discussion requires full disclosure of each participant's motivations and ultimate agenda. It would be neat if you

Re: DarkMatter Concerns

2019-03-07 Thread Cynthia Revström via dev-security-policy
On 2019-03-07 06:14, Benjamin Gabriel via dev-security-policy wrote: Until such time as we have been formally advised by your employer (Google), that you no longer represent their views in CABForum, or in this Mozilla-dev-security-policy forum, we will proceed on the basis that all of your

Re: Possible DigiCert in-addr.arpa Mis-issuance

2019-03-04 Thread Cynthia Revström via dev-security-policy
On 2019-03-04 20:23, Jeremy Rowley via dev-security-policy wrote:
> 2) Of the 3,000, the only certificate we found where the scope was not set to be the scope of the WHOIS document was the one reported by Cynthia.

That is good to hear :) - Cynthia

Re: Possible DigiCert in-addr.arpa Mis-issuance

2019-03-02 Thread Cynthia Revström via dev-security-policy
On 2019-03-02 01:49, George Macon via dev-security-policy wrote: One specific question on this point: Why did the software permit setting the approval scope to a public suffix (as defined by inclusion on the public suffix list)? Could validation agent action set the approval scope to some other

Re: Possible DigiCert in-addr.arpa Mis-issuance

2019-02-27 Thread Cynthia Revström via dev-security-policy
to file a bug report and give you more information on what exactly went wrong. .arpa is in IANA's root zone per https://www.iana.org/domains/root/db. Jeremy -Original Message- From: dev-security-policy On Behalf Of Cynthia Revström via dev-security-policy Sent: Tuesday, February 26, 2019 4

Re: Possible DigiCert in-addr.arpa Mis-issuance

2019-02-26 Thread Cynthia Revström via dev-security-policy
icy <mailto:dev-security-policy@lists.mozilla.org>> wrote: Thanks Cynthia. We are investigating and will report back shortly. From: dev-security-policy mailto:dev-security-policy-boun...@lists.mozilla.org>> on behalf of Cynthia R

Possible DigiCert in-addr.arpa Mis-issuance

2019-02-26 Thread Cynthia Revström via dev-security-policy
Hello dev.security.policy Apologies if I have made any mistakes in how I post, this is my first time posting here. Anyway: I have managed to issue a certificate with a FQDN in the SAN that I do not have control of via DigiCert. The precert is here: https://crt.sh/?id=1231411316 SHA256: