for multiple certs
and never issued certs.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Servi
version if applicable, but also assigning one or more employees to the
task), could be done in a week or so, maybe a month if the deciding
boss is on holiday on the publication date.
Enjoy
Jakob
audit of no issuance
(technically a full audit) is overdue, which is clearly a problem.
Enjoy
Jakob
On 20/03/2018 18:49, Ryan Sleevi wrote:
On Tue, Mar 20, 2018 at 1:30 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
Are you suggesting that the BRs be modified so a CA that has ceased
issuance can obtain a clean audit report without meeting all c
On 20/03/2018 17:39, Wayne Thayer wrote:
Jakob,
On Mon, Mar 19, 2018 at 9:48 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 17/03/2018 01:23, Wayne Thayer wrote:
Note, that if it is reasonably certain/validated that the only activity
is maint
T/zertifikate/en/6749UE_s.pdf
<https://cabforum.org/pipermail/public/2016-September/008475.html>
[5] https://cabforum.org/pipermail/public/2016-September/008475.html
[6] https://bugzilla.mozilla.org/show_bug.cgi?id=1439127
n the FQDN and to investigate if any additional problematic
certificates existed.
B. CTJ patched its system on Mar 14.
Ben Wilson, JD, CISA, CISSP
DigiCert VP Compliance
Enjoy
Jakob
don't add that restriction themselves.
Enjoy
Jakob
sts that if the Mozilla program introduces their own requirements
around reseller management and disclosure then the probability of a CABF
ballot with similar restrictions passing is relatively high (thus getting
it into the audit regime).
Enjoy
Jakob
Jakob
On 26/02/2018 21:28, Ryan Sleevi wrote:
On Mon, Feb 26, 2018 at 3:05 PM, Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On Mon, Feb 26, 2018 at 12:23 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 2
a) are highly likely to be true, as EV codesign is
only available for SmartCard/HSM/USBToken stored private keys, making
theft of properly issued certificates near impossible.
Enjoy
Jakob
On Thu, Feb 22, 2018 at 10:10 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 22/02/2018 22:17, James Burton wrote:
There needs to be a program that helps security researchers like myself get
free or low cost certificates for research purposes. T
low. Even for testing.
Especially since such research certificates are probably going to
trigger additional manual revocation procedures (= more man-hours to be
paid).
Enjoy
Jakob
apply, at least, to GlobalSign according to
another thread).
Enjoy
Jakob
icate is issued until the Expiry Date
BR 6.3.2 sets the limits on the "validity period"
So the BRs limit the time between the /actual/ date of issuance and the
"Not After" date in the certificate.
Enjoy
Jakob
On 22/01/2018 10:47, Gervase Markham wrote:
On 19/01/18 13:20, Jakob Bohm wrote:
My suggestions are only meant to inspire formal rules written / chosen
by module leaders such as you.
But the entire point of this discussion is that we are pointing out it's
hard to make such rules in the way
g the ACME spec, but it sure seems like the
validation is not being done on the ADN.
Doug
Enjoy
Jakob
On 19/01/2018 11:09, Gervase Markham wrote:
On 19/01/18 01:05, Jakob Bohm wrote:
On 18/01/2018 11:01, Gervase Markham wrote:
On 17/01/18 19:49, Jakob Bohm wrote:
3. Major vertical CAs for high value business categories that issue
publicly trusted certificates at better than EV level
On 18/01/2018 11:01, Gervase Markham wrote:
On 17/01/18 19:49, Jakob Bohm wrote:
3. Major vertical CAs for high value business categories that issue
publicly trusted certificates at better than EV level integrity. For
How do you define "major"? And "high value business cate
On 17/01/2018 22:51, Peter Bowen wrote:
On Wed, Jan 17, 2018 at 11:49 AM, Jakob Bohm via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
4. Selected company CAs for a handful of too-big-to-ignore companies
that refuse to use a true public CA. This would currently pr
On 17/01/2018 23:03, Jonathan Rudenberg wrote:
On Jan 17, 2018, at 16:24, Jakob Bohm via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
On 17/01/2018 21:14, Jonathan Rudenberg wrote:
On Jan 17, 2018, at 14:27, Jakob Bohm via dev-security-policy
<dev-securi
On 17/01/2018 21:14, Jonathan Rudenberg wrote:
On Jan 17, 2018, at 14:27, Jakob Bohm via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
On 17/01/2018 16:13, Jonathan Rudenberg wrote:
On Jan 17, 2018, at 09:54, Alex Gaynor via dev-security-policy
<dev-securi
e included in Mozilla's root program MUST:
1. provide some service relevant to typical users of our software
products;
Enjoy
Jakob
owards
ensuring that the roots accepted are operated with the high level goals
described by Alex in mind, and allow more agility at the root store level to
respond to issues.
Jonathan
Enjoy
Jakob
party posts) asking hosting providers to block uploads
of certificates for acme.invalid.
This situation has since changed, and most of my suggestions are thus
mostly moot.
Enjoy
Jakob
On 11/01/2018 05:38, Ryan Sleevi wrote:
On Thu, Jan 11, 2018 at 2:46 AM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 11/01/2018 01:08, Ryan Sleevi wrote:
On Wed, Jan 10, 2018 at 6:35 PM, Jakob Bohm via dev-security-policy <
dev-securi
On 11/01/2018 01:08, Ryan Sleevi wrote:
On Wed, Jan 10, 2018 at 6:35 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
Agree.
Hence my suggestion that TLS-SNI-0next use a name under the customer's
domain (such as the name used for DNS-01), not a name
s to keep whitelists and blacklists of
hostable TLDs.
Enjoy
Jakob
other certificate can have been issued in violation of all formal
procedures but (by dumb luck) been issued to the right party and thus
not misissued anyway (though proving so may be difficult within the
short timeframe needed to revoke it due to lack of reason to believe it
wasn't misissued in the
On 10/01/2018 16:38, ssimon.g...@gmail.com wrote:
On Wednesday, January 10, 2018 at 3:34:51 PM UTC+1, Jakob Bohm wrote:
Depending on exactly how the shared web server is misconfigured
I don't think the web server is misconfigured: serving a self signed cert for
any domain - even one that I
._acme.requested.domain.example.com
since that would allow hosting providers to restrict certificate uploads
that claim to be for other customers domains. Maybe the name form used
by TLS-SNI-02 could be the same as for the DNS-01 challenge.
Enjoy
Jakob
017 18:48, Ryan Sleevi wrote:
Or just generate longer serials with random.
Which is much simpler.
On Fri, Dec 29, 2017 at 11:57 AM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 29/12/2017 13:55, Nick Lamb wrote:
On Fri, 29 Dec 2017 07:24:31 +010
On 29/12/2017 13:55, Nick Lamb wrote:
On Fri, 29 Dec 2017 07:24:31 +0100
Jakob Bohm via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
3. Or would the elimination in #2 reduce the entropy of such serial
numbers to slightly less than 64 bits (since there are less
for all but the first such certificate)?
4. If the answers are yes, no, yes, why doesn't cablint flag
certificates with serial numbers of less than or equal to 64 bits as
non-compliant?
Enjoy
Jakob
On 15/12/2017 22:33, Ryan Hurst wrote:
On Tuesday, December 12, 2017 at 1:08:24 PM UTC-8, Jakob Bohm wrote:
On 12/12/2017 21:39, Wayne Thayer wrote:
On Tue, Dec 12, 2017 at 7:45 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 12/12/2017 19:39,
On 15/12/2017 02:30, Ryan Sleevi wrote:
On Thu, Dec 14, 2017 at 5:01 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 14/12/2017 00:23, Peter Gutmann wrote:
Tim Shirley via dev-security-policy <
dev-security-policy@lists.mozilla.or
s have more need of a
signalling mechanism like that than anyone else.
Peter.
Enjoy
Jakob
assification of what is stronger/weaker/equivalent/incomparable).
Enjoy
Jakob
.
Enjoy
Jakob
the entirety of the US nation, of which the
government is just one major part.
They are at an Organization level.
However there are two OID paths in that regard.
What OID paths?
Enjoy
Jakob
On 13/12/2017 18:38, Nick Lamb wrote:
On Wed, 13 Dec 2017 12:29:40 +0100
Jakob Bohm via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
What is *programmatically* enforced is too little for human safety.
Believing that computers can replace human judgement is a big m
conducted behavioral experiments (not to be confused
with A/B experiments on unwilling participants).
On 13/12/2017 13:39, Ryan Sleevi wrote:
On Wed, Dec 13, 2017 at 6:29 AM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
Yes. This is the foundation
On 12/12/2017 22:51, Ryan Sleevi wrote:
On Tue, Dec 12, 2017 at 3:44 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
What you are writing below, with far too many words is that you think
that URLs are the only identities that matter in this
On 12/12/2017 21:39, Wayne Thayer wrote:
On Tue, Dec 12, 2017 at 7:45 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 12/12/2017 19:39, Wayne Thayer wrote:
The outcome to be avoided is a CA that holds in escrow thousands of
private keys used f
On 12/12/2017 20:04, Ryan Sleevi wrote:
On Tue, Dec 12, 2017 at 1:11 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
The overall thing is that the current thread seems to be a major case of
throwing the baby out with the bathwater.
That is
tore it securely
Wayne
Enjoy
Jakob
On 12/12/2017 18:31, Jonathan Rudenberg wrote:
On Dec 12, 2017, at 08:36, Jakob Bohm via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
A lot of people have posed suggestions for countermeasures so extreme
they should not be taken seriously. This includes discont
On 12/12/2017 18:19, Ryan Sleevi wrote:
On Tue, Dec 12, 2017 at 8:36 AM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 12/12/2017 01:08, Adam Caudill wrote:
Even if it is, someone filed the paperwork. Court houses have clerks,
guards, video c
e
per-country and global lists of name-dominating organizations will both
take some time and should be done in parallel.
Enjoy
Jakob
On 01/12/2017 17:06, Ryan Sleevi wrote:
On Fri, Dec 1, 2017 at 10:33 AM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
Depending on the prevalence of non-public CAs (not listed in public
indexes) based on openssl (this would be a smallish company thin
e NSS with final TLS 1.3 version ships
Enjoy
Jakob
On 28/11/2017 15:53, Nick Lamb wrote:
On Tue, 28 Nov 2017 04:26:30 +0100
Jakob Bohm via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
Nick Lamb, in the message I replied to, clearly suggested as much, and
provided a contrived scenario to "prove" that poin
On 28/11/2017 04:16, Ryan Sleevi wrote:
On Mon, Nov 27, 2017 at 8:29 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 27/11/2017 19:37, Nick Lamb wrote:
On Fri, 24 Nov 2017 12:25:40 +
Gervase Markham via dev-security-policy
<dev-securi
On 28/11/2017 02:29, Jakob Bohm wrote:
On 27/11/2017 19:37, Nick Lamb wrote:
On Fri, 24 Nov 2017 12:25:40 +
Gervase Markham via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
...
While your scenario below sounds compelling, it is very much a contrived
sc
__
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
Enjoy
Jakob
On 22/11/2017 16:38, Gervase Markham wrote:
On 22/11/17 10:54, Jakob Bohm wrote:
Some notes about previously discussed items:
Mozilla is not suggesting that WoSign has completed all of the steps.
The entire point is that we want to have this pre-discussion before they
make the effort to do so
f WoSign and
> other responsibilities. It is not decided who will replace him.
>
> ...
Although not listed in the Action plan in #1311824, it is noteworthy
that Richard Wang has apparently not been relieved of his other
responsibilities, only the CEO title. Was this part of the o
- Other - explain
~~
Thanks,
Kathleen
Enjoy
Jakob
a referenced ETSI standard.
Enjoy
Jakob
.
Enjoy
Jakob
to deobfuscate the bitmasks with
your favorite bignum calculator.
Enjoy
Jakob
t
might be a good example of that happening).
6. Under "Incident Report", item 3, remove the word "TLS/SSL" to make
the bullet point equally applicable to e-mail certs, OCSP certs etc.
Enjoy
Jakob
uration.
Enjoy
Jakob
activating the Certinomis path for
their server.
Enjoy
Jakob
ROR or NXDOMAIN and which indicates that
no such record is there.
Real world experience may add a few other error codes indicating valid
absence of a record in an unsigned zone.
Enjoy
Jakob
. level domain under local. as the certificate holder(s). The main
issue here is that since the local. TLD doesn't have an official
registry, there is no way that the CA could have properly validated
that *any* applicant was the proper owner of such a 2nd level domain,
because no one is.
E
On 07/09/2017 21:00, Ryan Sleevi wrote:
On Thu, Sep 7, 2017 at 1:20 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
All but one of your suggestions would require the revocation of existing
SubCA certificates, essentially invalidating all existin
On 01/09/2017 20:07, Ryan Sleevi wrote:
On Fri, Sep 1, 2017 at 2:07 AM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
...
So, from the get-go with the standards, it was possible to name constrain
DNS. Unless you were referencing certificates prior t
On 01/09/2017 02:14, Ryan Sleevi wrote:
On Thu, Aug 31, 2017 at 5:21 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 31/08/2017 22:26, Ryan Sleevi wrote:
Agreed. But in general, in order to maintain interoperability, there's a
process for bu
On 31/08/2017 22:26, Ryan Sleevi wrote:
On Thu, Aug 31, 2017 at 4:13 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
I am aware that this was the original specification. However like many
other parts of PKIX it may not be as good in 20/20 hin
On 31/08/2017 21:49, Ryan Sleevi wrote:
On Thu, Aug 31, 2017 at 8:18 AM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
Would it be beneficial to Mozilla in particular and the larger PKI
community in general if the following was added to implement
n people's mail
boxes.
Enjoy
Jakob
g Root R2
Example cert:
https://crt.sh/?q=239ffa86d71033ba255914782057d87e8421aedd5910b786928b6a1248c3e341
OCSP URI: http://rootcar2-ocsp.disig.sk/ocsp/rootcar2
-Paul
Enjoy
Jakob
ent Amazon availability
zones for example).
Enjoy
Jakob
/vl5eq0PoJxY/W1D4oZ__BwAJ
You can also consider post-mortems from related parts, such as CT logs, as
seen in Venafi's CT log post-mortem at
https://groups.google.com/a/chromium.org/d/msg/ct-policy/ohtZ64gLN3I/namq_NDmAQAJ
Enjoy
Jakob
hain to different current signature algorithms, to minimize risks
associated with future distrust of such algorithms.
Enjoy
Jakob
solutions to DigiCert because this
transaction accelerates the transition for our customers to an existing PKI
platform at DigiCert that meets all industry standards and browser
requirements, ensuring continuity for our customers and providing a foundation
for continued innovation.
Enjoy
Jakob
ship with the
customer, perhaps only an email address that can be used to let them know
their website is about to go down.
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla.org] On Behalf Of Jakob Bohm via dev-security-po
On 11/08/2017 00:14, Ryan Sleevi wrote:
On Thu, Aug 10, 2017 at 5:31 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
This raises the question if CAs should be responsible for misissued
domain names, or if they should be allowed to issue certif
On 11/08/2017 00:00, Jonathan Rudenberg wrote:
On Aug 10, 2017, at 17:31, Jakob Bohm via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
On 10/08/2017 22:22, Jonathan Rudenberg wrote:
RFC 5280 section 7.2 and the associated IDNA RFC requires that
Internationalized
On 11/08/2017 00:29, Jonathan Rudenberg wrote:
On Aug 10, 2017, at 17:04, Jakob Bohm via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
Can anyone point out a real world X.509 framework that gets confused by
a redundant pathlen:0 in a CA:FALSE certificate? (
r
the cost.
On Thu, Aug 10, 2017 at 5:39 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
But that would require the issuer of the replacement cert (which might
not be a fast-issue DV cert) to complete validation in something like 36
hours, which is m
joy
Jakob
registrar is currently RUCENTER-RF
xn--b1addckdrqixje4a
xn--f1awi
Third level domains, subscriber responsibility:
xn--80aqafgnbi
xn-blcihca2aqinbjzlgp0hrd8c
Enjoy
Jakob
? (Merely to assess the
seriousness of the issue, given that the certificate was already
revoked).
Enjoy
Jakob
n violation of the BRs, which I
would expect any competent CA to be eminently capable of doing.
Enjoy
Jakob
which are expected to get a longer deadline
if the proposed changes go through.
For such, maybe post public descriptions, but delay on the formal filing
that would start the 24 hour clock.
On Aug 8, 2017, at 1:02 PM, Jakob Bohm via dev-security-policy
<dev-security-policy@lists.mozilla.
bad for interoperability to have certificates randomly
disappear due to someone filing mass-bugs for violations of formalities.
Alex
On Tue, Aug 8, 2017 at 2:43 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
Some people seemed to require 2
applied to them have been for
grotesque abuse of the trust vested in them.
Alex
On Tue, Aug 8, 2017 at 2:25 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 08/08/2017 18:43, Ryan Sleevi wrote:
On Tuesday, August 8, 2017 at 11:05:06 PM UTC+9, Jako
On 08/08/2017 19:44, Ryan Sleevi wrote:
On Tuesday, August 8, 2017 at 8:52:54 PM UTC+9, Jakob Bohm wrote:
On 08/08/2017 12:54, Nick Lamb wrote:
On Monday, 7 August 2017 22:31:34 UTC+1, Jakob Bohm wrote:
Since the CT made it possible, I have seen an increasing obsession with
enforcing every
On 08/08/2017 18:43, Ryan Sleevi wrote:
On Tuesday, August 8, 2017 at 11:05:06 PM UTC+9, Jakob Bohm wrote:
I was not advocating "letting everyone decide". I was advocating that
Mozilla show some restraint, intelligence and common sense in wielding
the new weapons that certlint and c
hat the spec requires but that no-one would expect an
implementation to do.
Peter.
Enjoy
Jakob
On 08/08/2017 12:54, Nick Lamb wrote:
On Monday, 7 August 2017 22:31:34 UTC+1, Jakob Bohm wrote:
Since the CT made it possible, I have seen an increasing obsession with
enforcing every little detail of the BRs, things that would not only
have gone unnoticed, but also been considered
their boots perfectly or having a picture of their wife on
their desk? (To mention other rules that some organizations have
overzealously enforced a long time ago).
Enjoy
Jakob
in clients checking that particular https certificate for revocation.
This was before mass-surveillance became such a big issue, and might
have been decided otherwise today.
Enjoy
Jakob
. These practices represent the same
fundamental speed/quality trade-off.
On Mon, Aug 7, 2017 at 4:09 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 07/08/2017 18:07, Hanno Böck wrote:
On Mon, 7 Aug 2017 15:59:07 +
Ben Wilson via dev-se
m) to a larger value, such as 64 plus optional zero.
Doing so would allow future requirements to increase the minimum serial
entropy to more than 160 bits, should a relevant attack scenario emerge.
Enjoy
Jakob
should not install
non-essential patches without a very long and thorough testing process.
Since this is (at most) a formal violation and not a security problem,
it is better for the fix to go through many months of careful testing
than to rush it through.
Enjoy
Jakob
StartCom: Be more clear if any of the "Chinese" staff is working
at, under or otherwise near WoSign and/or Richard Wang.
7. At Qihoo: Actually get rid of Richard Wang, not just change his
title from CEO to COO.
Enjoy
Jakob