Ryan Sleevi writes:
>I don't think the hyperbole helps here.
It wasn't hyperbole, it was extreme surprise. When someone told me about this
I couldn't believe it was still happening after the massive amount of
publicity it got at the time, so it was more a giant "WTF?!??" than anything
else.
Ot
On Wed, Nov 20, 2019 at 10:54 PM Peter Gutmann
wrote:
> Ryan Sleevi writes:
>
> >Do you believe it’s still applicable in the Web PKI of the past decade?
>
> Yes, the specific cert I referenced is current valid and passed WebTrust
> and
> EV audits.
>
"Passed" is... a bit misleading as to the (l
Ryan Sleevi writes:
>Do you believe it’s still applicable in the Web PKI of the past decade?
Yes, the specific cert I referenced is current valid and passed WebTrust and
EV audits.
>If you could link to the crt.sh entry, that might be easier.
Here's the Microsoft one I mentioned:
Microsoft
On Wed, Nov 20, 2019 at 9:48 PM Peter Gutmann
wrote:
> Ryan Sleevi via dev-security-policy
> writes:
>
> >In https://bugzilla.mozilla.org/show_bug.cgi?id=1593814 , Rob Stradling,
> >Jeremy Rowley, and I started discussing possible steps that might be
> taken to
> >prevent misencoding strings in
Ryan Sleevi via dev-security-policy
writes:
>In https://bugzilla.mozilla.org/show_bug.cgi?id=1593814 , Rob Stradling,
>Jeremy Rowley, and I started discussing possible steps that might be taken to
>prevent misencoding strings in certificates
Is there any official position on strings that have c
In https://bugzilla.mozilla.org/show_bug.cgi?id=1593814 , Rob Stradling,
Jeremy Rowley, and I started discussing possible steps that might be taken
to prevent misencoding strings in certificates, and it seemed appropriate
to shift this to a more general m.d.s.p. discussion, rather than solely on
th
6 matches
Mail list logo