Ryan Sleevi writes:
>Mozilla updates every six to eight weeks. And that works. That's all that
>matters for this discussion.
Do all the world's CAs know this?
Peter.
___
dev-security-policy mailing list
Jakob Bohm via dev-security-policy writes:
>Indeed, I strongly suspect Microsoft *customers* combined with Microsoft
>untrustworthiness (they officially closed their Trustworthy Computing
>initiative!) may be the major hold out, specifically:
>
>1. [...]
Ryan Sleevi via dev-security-policy writes:
>An alternative solution to the ossification that Alex muses about is to
>require that all CAs must generate (new) roots on some interval (e.g. 3
>years) for inclusion. That is, the 'maximum' a root can be
Ryan Sleevi writes:
>For an EV cert, you look in
>https://cabforum.org/wp-content/uploads/EV-V1_6_1.pdf
It was meant as a rhetorical question, the OP asked whether doing XYZ in an
EV certificate was allowed and I was pointing out that the CAB Forum
guidelines should
Kurt Roeckx via dev-security-policy writes:
>Both the localityName and stateOrProvinceName are Almere, while the province
>is Flevoland.
How much checking is a CA expected to do here? I know that OV and DV certs
are just "someone at this site responded
Nick Lamb via dev-security-policy writes:
>In order for Symantec to reveal anybody's private keys they'd first need to
>have those keys
That's standard practice for many CAs, they generate the key and certificate
for you and email it to you as a PKCS #12.
Martin Heaps via dev-security-policy writes:
>This topic is frustrating in that there seems to be a wide attempt by people
>to use one form of authentication (DV TLS) to verify another form of
>authentication (EV TLS).
The overall problem is that browser
Kurrasch via dev-security-policy writes:
>* Types of transfers: I don't think the situation was envisioned where a
>single root would be transferred between entities in such a way that company
>names and branding would become intermingled.
This has
Jakob Bohm via dev-security-policy writes:
>Unfortunately, for these not-quite-web-server things (printers, routers
>etc.), automating use of the current ACME Let's encrypt protocol with or
>without hardcoding the Let's Encrypt URL is a non-starter for
Gervase Markham via dev-security-policy writes:
>Peter: you are going to have to re-summarise your question. And then, if you
>are asking why Mozilla code works in a certain way, mozilla.dev.security or
>mozilla.dev.tech.crypto are almost certainly far