ned
or why.
Use pinning with care.
-Tim
> -Original Message-
> From: dev-security-policy On
> Behalf Of Ryan Sleevi via dev-security-policy
> Sent: Wednesday, August 14, 2019 2:08 PM
> To: Nuno Ponte
> Cc: mozilla-dev-security-policy
>
> Subject: Re: Use of C
On Tue, Aug 13, 2019 at 11:12 AM Nuno Ponte via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Dear m.d.s.p.,
>
> I would like to bring into discussion the use of certificate/public key
> pinning and the impacts on the 5-days period for certificate revocat
s and legacy cruft which have historically hindered the
agility of the WebPKI.
On Tue, Aug 13, 2019 at 10:12 AM Nuno Ponte via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Dear m.d.s.p.,
>
> I would like to bring into discussion the use of certificate/public
ocally managed trust anchor, and operate a root CA oneself,
managing it as one would a public CA (offline root, possibly offline
intermediates, etc)
-tom
On Tue, 13 Aug 2019 at 15:12, Nuno Ponte via dev-security-policy
wrote:
>
> Dear m.d.s.p.,
>
> I would like to bring into discussi
On Mon, 12 Aug 2019, Nuno Ponte via dev-security-policy wrote:
Recently, we (Multicert) had to roll out a general certificate replacement due
to the serial number entropy issue. Some of the most troubled cases to replace
the certificates were customers doing certificate pinning on mobile apps.
Dear m.d.s.p.,
I would like to bring into discussion the use of certificate/public key pinning
and the impacts on the 5-days period for certificate revocation according to BR
§4.9.1.1.
Recently, we (Multicert) had to roll out a general certificate replacement due
to the serial number entropy