RE: DigiCert .onion certificates without Tor Service Descriptor Hash extension

2018-03-22 Thread Jeremy Rowley via dev-security-policy

Re: DigiCert .onion certificates without Tor Service Descriptor Hash extension

2018-03-22 Thread Nick Lamb via dev-security-policy
On 21 Mar 2018 17:58, Wayne Thayer via dev-security-policy wrote: 7. List of steps your CA is taking to resolve the situation and ensure such issuance will not be repeated in the future, accompanied with a timeline of when your CA expects to accomplish

Re: DigiCert .onion certificates without Tor Service Descriptor Hash extension

2018-03-21 Thread Wayne Thayer via dev-security-policy
> Thanks, Jeremy. I also found a certificate [1] with both 16-character.onion and 56-character.onion address

RE: DigiCert .onion certificates without Tor Service Descriptor Hash extension

2018-03-19 Thread Jeremy Rowley via dev-security-policy
Thanks, Jeremy. I also found a certificate [1] with both 16-character.onion and 56-character.onion addresses [2] listed in the SAN. The v3 address is not included in the 2.23.140.1.31 extension,

Re: DigiCert .onion certificates without Tor Service Descriptor Hash extension

2018-03-12 Thread Alex Cohn via dev-security-policy
Thanks, Jeremy. I also found a certificate [1] with both 16-character.onion and 56-character.onion addresses [2] listed in the SAN. The v3 address is not included in the 2.23.140.1.31 extension, which seems to violate the same rule as below. However, v3 addresses include the service's entire

RE: DigiCert .onion certificates without Tor Service Descriptor Hash extension

2018-03-12 Thread Jeremy Rowley via dev-security-policy
Thanks, Alex. Sorry for the delayed response. I've been traveling today. We're reaching out to each of the customers and getting their cert replaced. Looking into this, we did not correctly implement the ballot: 1. We didn't add a check to our backend system to verify the cert included a