Re: How to submit WebTrust audits in CCADB

2018-08-09 Thread jomo via dev-security-policy
I contacted CPA Canada in early 2017 about XSS and some other issues on cert.webtrust.org. They did not fix the issues but stated:
> CPA Canada is currently working on upgrading the WebTrust site to
> enhance the security.
As of April 2018 the issues were still unfixed. I wonder if the limited

Re: Sigh. stripe.ian.sh back with EV certificate for Stripe, Inc of Kentucky....

2018-04-17 Thread jomo via dev-security-policy
On 17.4.18 06:24, Jakob Bohm via dev-security-policy wrote:
> I am not the only one with that expectation. In the concrete case the
> expectation was succinctly stated by Mathew in Message-ID
> mailman.312.1523571519.2176.dev-security-policy at lists.mozilla.org as
>
> Mathew> With respect to

Re: Sigh. stripe.ian.sh back with EV certificate for Stripe, Inc of Kentucky....

2018-04-12 Thread jomo via dev-security-policy
On 13.4.18 05:40, Matthew Hardeman via dev-security-policy wrote:
> Wow. I’m impressed.
>
> Let’s Encrypt by their own declaration and by observed interactions in
> their community help forums maintains a high value blacklist of domains.
> It’s difficult to imagine how that list doesn’t include

Re: Sigh. stripe.ian.sh back with EV certificate for Stripe, Inc of Kentucky....

2018-04-12 Thread jomo via dev-security-policy
> I doubt Let's Encrypt would issue for paypal.any_valid_tld even if CAA would
> permit.
https://paypal.cologne :)

On 13.4.18 00:18, Matthew Hardeman via dev-security-policy wrote:
> Independent of EV, the BRs require that a CA maintain a High Risk
> Certificate Request policy such that

Re: How do you handle mass revocation requests?

2018-02-28 Thread jomo via dev-security-policy
> Basically, we're revoking 50k people without
> being able to explain why (well, other than the key was compromised).
Unless I misunderstood, you originally said you received 23k compromised keys and are revoking those.
> Currently, we are only revoking the certificates if we received the

Re: Allowing WebExtensions to Override Certificate Trust Decisions

2018-02-27 Thread jomo via dev-security-policy
IMHO it should be possible to affect the connection and the UI. This would allow plug-ins for alternative certificate validation methods, such as Convergence (https://en.wikipedia.org/wiki/Convergence_%28SSL%29) / FreeSpeechMe (https://bit.namecoin.org/freespeechme.html). While I agree that it is