Re: Google Trust Services - Minor SCT issue disclosure

2018-08-24 Thread Andy Warner via dev-security-policy
The code at issue evolved as CT requirements changed. What started off as a very simple conditional grew into a more complex if / else if block with somewhat complicated logic and inline checks. As part of the fix, we simplified the conditionals and refactored the inline checks to make use of nice

Re: Google Trust Services - Minor SCT issue disclosure

2018-08-23 Thread Ryan Sleevi via dev-security-policy
On Thu, Aug 23, 2018 at 8:50 AM, Andy Warner via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> > * NOTE: The bug was due to an 'if/else' chain fall through. The code in question has been refactored to be simpler and more readable.

Andy, It might be good for the

Re: Google Trust Services - Minor SCT issue disclosure

2018-08-23 Thread Andy Warner via dev-security-policy
Google provides SCTs via embedding and during SSL handshaking depending on the certificate and how it is served. In this case, all of the affected certs used embedded SCTs and the issue was the selection of which SCTs to include because we submit to more CT logs than required, but only embed the

Re: Google Trust Services - Minor SCT issue disclosure

2018-08-23 Thread Nick Lamb via dev-security-policy
On Thu, 23 Aug 2018 05:50:05 -0700 (PDT) Andy Warner via dev-security-policy wrote:

> May 21st 2018, a new tool for issuing certificates within Google was made available to internal customers. Within hours we started to receive reports that Chrome Canary (v67) with Certificate Transparency

Re: Google Trust Services - Minor SCT issue disclosure

2018-08-23 Thread Andy Warner via dev-security-policy
Correct, we do not believe there was a policy violation; we're proactively sharing in the interest of transparency and knowledge sharing. I believe there is additional information we could share about how we've modified testing to ensure compliance with Chrome and Safari's SCT inclusion rules and

Re: Google Trust Services - Minor SCT issue disclosure

2018-08-23 Thread Alex Gaynor via dev-security-policy
Hi Andy, Just so I follow, this is something you're proactively sharing, right? As far as I can tell, there's no violation of any Mozilla Root Program rules here, just an issue that caused interstitials in Chrome. Either way, I appreciate your sharing. You mentioned the issue was due to some

Google Trust Services - Minor SCT issue disclosure

2018-08-23 Thread Andy Warner via dev-security-policy
Please note, Google wrote this report for internal use immediately after the issue. We intended to post it to m.d.s.p at that time, but securing internal approvals took a while and the posting ended up on the back burner for a bit. It was a minor issue, but we want the community to be aware of