Re: Policy 2.7 Proposal: Exclude Policy Certification Authorities from EKU Requirement

2019-05-08 Thread Fotis Loukos via dev-security-policy
On 2/5/19 4:36 μ.μ., Ryan Sleevi via dev-security-policy wrote: > On Thu, May 2, 2019 at 9:14 AM Fotis Loukos wrote: > >> The PCA (I am calling it PCA even if it does not follow all the design >> and architecture of RFC5288 PCAs for simplicity's sake) has the >> technic

Re: Policy 2.7 Proposal: Exclude Policy Certification Authorities from EKU Requirement

2019-05-02 Thread Fotis Loukos via dev-security-policy
Hello, On 30/4/19 8:26 μ.μ., Ryan Sleevi via dev-security-policy wrote: > On Tue, Apr 30, 2019 at 1:10 PM Fotis Loukos wrote: > >> I am just arguing that there is no risk involved in having a single >> certificate. I do agree that the model you proposed with the two >>

Re: Policy 2.7 Proposal: Exclude Policy Certification Authorities from EKU Requirement

2019-04-30 Thread Fotis Loukos via dev-security-policy
Hello, On 30/4/19 6:59 μ.μ., Ryan Sleevi via dev-security-policy wrote: > On Tue, Apr 30, 2019 at 11:49 AM Fotis Loukos wrote: > >> On 30/4/19 6:34 μ.μ., Ryan Sleevi via dev-security-policy wrote: >>> On Tue, Apr 30, 2019 at 8:51 AM Fotis Loukos wrote: >>> >>

Re: Policy 2.7 Proposal: Exclude Policy Certification Authorities from EKU Requirement

2019-04-30 Thread Fotis Loukos via dev-security-policy
On 30/4/19 6:34 μ.μ., Ryan Sleevi via dev-security-policy wrote: > On Tue, Apr 30, 2019 at 8:51 AM Fotis Loukos wrote: > >> Hello Ryan, >> >> On 29/4/19 5:20 μ.μ., Ryan Sleevi via dev-security-policy wrote: >>> On Fri, Apr 26, 2019 at 7:02 PM Wayne Thayer

Re: Policy 2.7 Proposal: Exclude Policy Certification Authorities from EKU Requirement

2019-04-30 Thread Fotis Loukos via dev-security-policy
rmediate under that hierarchy. > > As it's unclear to me the benefit of accommodating the PCAs, because as you > note, it's more complexity to the policy, and because it seems to be > systemically riskier for end-users and more expensive for CAs, I don't > think we should

Re: Policy 2.7 Proposal: Exclude Policy Certification Authorities from EKU Requirement

2019-04-30 Thread Fotis Loukos via dev-security-policy
olicy/commit/a8353e12db6128d9a01de7ab94949180115a2d92 > [2] https://github.com/mozilla/pkipolicy/issues/172 > ___ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > -- Fotis Loukos, PhD Director o

Incident report: Issuance of certificates with curve-hash pairs no longer allowed by the Mozilla Root Store Policy

2019-03-08 Thread Fotis Loukos via dev-security-policy
irements set by the Mozilla Root Store Policy. This linter is set up to lint the tbsCertificates at the same time as the aforementioned linters. - The compliance department will provide feedback to the team that maintains the linter in order to keep it up to date. Best regards, Fotis -- Fotis

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-12-05 Thread Fotis Loukos via dev-security-policy
violations after browsers' consent (granting an exception). Before two paragraphs you stated that you never proposed making an extended revocation legal. Regards, Fotis > > > Dimitris. > > > > On 4/12/2018 8:00 μ.μ., Fotis Loukos via dev-security-policy wrote: >> Hell

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-12-04 Thread Fotis Loukos via dev-security-policy
a CA will be able to do this risk assessment and how can root store operators decide on this within 24h in order to extend this period? If no, would you trust such a risk assessment? Regards, Fotis > > > On 04/12/2018 11:02, Fotis Loukos wrote: >> Hello everybody, >> Fir

Re: CA disclosure of revocations that exceed 5 days [Was: Re: Incident report D-TRUST: syntax error in one tls certificate]

2018-12-04 Thread Fotis Loukos via dev-security-policy
Hello everybody, First of all, I would like to note that I am writing as an individual and my opinion does not necessarily represent the opinion of my employer. An initial comment is that statements such as "I disagree that CAs are "doing their best" to comply with the rules." because some CAs

Incorrect qcStatements encoding at a number of Qualified Web Authentication Certificates (QWACs)

2018-10-11 Thread Fotis Loukos via dev-security-policy
, possibly revoke the problematic certificates and at least momentarily pause the issuance of new certificates until the issue is resolved. I consider this a serious issue that displays problematic practices within the CA. Regards, Fotis -- Fotis Loukos, PhD Director of Security Architecture SSL Corp e

Re: Google Trust Services Root Inclusion Request

2018-09-26 Thread Fotis Loukos via dev-security-policy
hat the > module owner is the decision maker, and that public participation is fully > welcomed, whether peers or otherwise. In that model - of transparency - > doesn't support the claims being presented here as 'fact', and instead > highlights them as the 'assumptions' that they are. >

Re: .tg Certificates Issued by Let's Encrypt

2017-11-06 Thread Fotis Loukos via dev-security-policy
On 04/11/2017 02:36 μμ, Daniel Cater via dev-security-policy wrote: > I notice that on https://crt.sh/mozilla-onecrl there are lots of certificates > that have recently been added to OneCRL from the .tg TLD (Togo), including > ones for high-profile domains such as google.tg. The issuances

Re: TunRootCA2 root inclusion request

2017-09-08 Thread Fotis Loukos via dev-security-policy
TI. The last audit took place from 27th to 30th September >> 2016 in applying the relevant ETSI Technical Specifications ETSI TS >> 102042v2.4.1. > > And that audit includes a BR audit? > > Did the audit report have any qualifications? > > Gerv > __

Re: Cerificate Concern about Cloudflare's DNS

2016-09-15 Thread Fotis Loukos
On 09/10/2016 05:43 PM, Erwann Abalea wrote: > Bonjour, > > Le samedi 10 septembre 2016 14:37:40 UTC+2, Han Yuwei a écrit : >> I am using Cloudflare's DNS service and I found that Cloudflare has issued a >> certificate to their server including my domain. But I didn't use any SSL >> service of