On Wednesday, 24 January 2018 06:55:55 UTC+8, Jonathan Rudenberg wrote:
> A certificate issued by GlobalSign showed up in CT today with a notBefore
> date of March 21, 2018 and a notAfter date of April 23, 2021, a validity
> period of ~1129 days (more than three years).
>
> https://crt.sh/?id=3
On 24/01/18 18:02, Doug Beattie wrote:
> Can we consider this case closed with the action that the VWG will
> propose a ballot that addresses pre and postdating certificates?
Yes. I don't believe anyone has suggested that Globalsign broke a formal
rule, either in the BRs or Mozilla's requirements.
ev-security-pol...@lists.mozilla.org
> Subject: Re: GlobalSign certificate with far-future notBefore
>
> Please also consider the practice of having an off-line CA (typically a
> root) pre-issue CRLs, OCSP responses, intermediary CAs and OCSP responder
> certificates for the perio
Rudenberg
; mozilla-dev-security-policy
pol...@lists.mozilla.org>
Subject: RE: GlobalSign certificate with far-future notBefore
Can we consider this case closed with the action that the VWG will propose a
ballot that addresses pre and postdating certificates?
Doug
-----Original Message-----
eattie ; mozilla-dev-security-
pol...@lists.mozilla.org
Subject: Re: GlobalSign certificate with far-future notBefore
Hi Doug,
Thanks for the quick response.
On 24/01/18 11:52, Doug Beattie wrote:
In the case below, the customer ordered a 39 month certificate and set
the notBefore date for 2
> ; mozilla-dev-security-policy
pol...@lists.mozilla.org>
> Subject: RE: GlobalSign certificate with far-future notBefore
>
> Can we consider this case closed with the action that the VWG will propose a
> ballot that addresses pre and postdating certificates?
>
> Doug
>
Behalf Of Tim
> Hollebeek via dev-security-policy
> Sent: Wednesday, January 24, 2018 11:49 AM
> To: Rob Stradling ; Jonathan Rudenberg
> ; mozilla-dev-security-policy pol...@lists.mozilla.org>
> Subject: RE: GlobalSign certificate with far-future notBefore
>
>
> >
> > This incident makes me think that two changes should be made:
> >
> > 1) The Root Store Policy should explicitly ban forward and back-dating the
> > notBefore date.
>
> I think it would be reasonable and sensible to permit back-dating insofar as it is
> deemed necessary to accommodate client-si
Ross ; mozilla-dev-security-
> > pol...@lists.mozilla.org
> > Subject: Re: GlobalSign certificate with far-future notBefore
> >
> > On 24/01/18 04:57, David E. Ross wrote:
> > > I am not sure about prohibiting forward-dating the notBefore date. I
> >
Doug Beattie ; mozilla-dev-security-
> > pol...@lists.mozilla.org
> > Subject: Re: GlobalSign certificate with far-future notBefore
> >
> > Hi Doug,
> >
> > Thanks for the quick response.
> >
> > On 24/01/18 11:52, Doug Beattie wrote:
> > > In
> -----Original Message-----
> From: Gervase Markham [mailto:g...@mozilla.org]
> Sent: Wednesday, January 24, 2018 7:00 AM
> To: Doug Beattie ; mozilla-dev-security-
> pol...@lists.mozilla.org
> Subject: Re: GlobalSign certificate with far-future notBefore
>
> Hi Doug,
Hi Doug,
Thanks for the quick response.
On 24/01/18 11:52, Doug Beattie wrote:
> In the case below, the customer ordered a 39 month certificate and
> set the notBefore date for 2 months into the future.
Momentary 2017/2018 confusion in my brain had me thinking that this was
further into the futu
org] On Behalf Of Gervase
> Markham via dev-security-policy
> Sent: Wednesday, January 24, 2018 5:05 AM
> To: David E. Ross ; mozilla-dev-security-
> pol...@lists.mozilla.org
> Subject: Re: GlobalSign certificate with far-future notBefore
>
> On 24/01/18 04:57, David E. Ross wrote:
On 23/01/18 22:55, Jonathan Rudenberg via dev-security-policy wrote:
https://wiki.mozilla.org/CA/Forbidden_or_Problematic_Practices#Backdating_the_notBefore_Date
This incident makes me think that two changes should be made:
1) The Root Store Policy should explicitly ban forward and back-dating
On 24/01/18 04:57, David E. Ross wrote:
> I am not sure about prohibiting forward-dating the notBefore date. I
> can picture a situation where an existing site certificate is going to
> expire. The site's administration decides to obtain a new certificate
> from a different certification authorit
Hi Jonathan,
On 23/01/18 22:55, Jonathan Rudenberg wrote:
> A certificate issued by GlobalSign showed up in CT today with a notBefore
> date of March 21, 2018 and a notAfter date of April 23, 2021, a validity
> period of ~1129 days (more than three years).
Thank you for pointing this out. This
On 1/23/2018 2:55 PM, Jonathan Rudenberg wrote:
> A certificate issued by GlobalSign showed up in CT today with a notBefore
> date of March 21, 2018 and a notAfter date of April 23, 2021, a validity
> period of ~1129 days (more than three years).
>
> https://crt.sh/?id=311477948&opt=zlint
>
> C