ev-security-policy@lists.mozilla.org> wrote:
>
>> Can we request removal of these roots now? This seems very similar to the
>> SHA1 situation where CAs requested root removal and then treated the root
>> as
>> private, regardless of the trust in older platforms.
>&g
inal Message-
> From: dev-security-policy
> On
> Behalf Of Wayne Thayer via dev-security-policy
> Sent: Thursday, December 13, 2018 3:11 PM
> To: mozilla-dev-security-policy
>
> Subject: Re: Underscore characters and DigiCert
>
> There are currently no program requirem
-security-policy
Sent: Thursday, December 13, 2018 3:11 PM
To: mozilla-dev-security-policy
Subject: Re: Underscore characters and DigiCert
There are currently no program requirements for roots that have had their
websites trust bit turned off or been removed from NSS, but this is an open
area of
There are currently no program requirements for roots that have had their
websites trust bit turned off or been removed from NSS, but this is an open
area of concern [1]. When a root is disabled or removed, there is no
protection for Firefox users who haven't updated to a current version, nor
for a
Hey all,
We're working towards revoking certs with underscore characters in the
domain name, per SC12, but I had a question about legacy Symantec systems
and Mozilla. These particular roots are no longer trusted for TLS certs in
Google or Mozilla, which means the applicability of the BRs is du
5 matches
Mail list logo