Re: Is Firefox SHA-1 Deprecation Policy configurable?

2016-09-19 Thread Andrew R. Whalley
For Chrome, there's the EnableSha1ForLocalAnchors policy that was introduced in Chrome 54. That will operate as described here. Andrew On Sat, Sep 17, 2016 at 10:49 AM, wrote: > I think

Re: Incidents involving the CA WoSign

2016-09-19 Thread Peter Bowen
Richard, As someone pointed out on Twitter this morning, it seems that the PSC notification for Startcom UK was filed recently: https://s3-eu-west-1.amazonaws.com/document-api-images-prod/docs/UdxHYAlFj6U9DNs6VBJdnIDv4IQAWd4YKYomMERO_2o/application-pdf Were you unaware of this filing?

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-09-19 Thread wangsn1206
On Saturday, September 17, 2016 at 5:38:29 AM UTC+8, Percy wrote: > On Wednesday, August 3, 2016 at 2:45:23 PM UTC-7, Kathleen Wilson wrote: > > This request from Guangdong Certificate Authority (GDCA) is to include the > > "GDCA TrustAUTH R5 ROOT" certificate, turn on the Websites trust bit, and > > enabled EV

RE: Incidents involving the CA WoSign

2016-09-19 Thread Richard Wang
Thanks for your detailed info. No worry about this, all companies must comply with local law. But I really don't care who is my company's shareholder's shareholder's shareholder, you need to find this out by yourself if you care. If you think Mozilla must require this, please add to the

RE: Incidents involving the CA WoSign

2016-09-19 Thread Richard Wang
Thanks for your pointing out one of the very important evidence for the transaction is NOT completed till yesterday that we released the news after it is finished at the first phase. We just finished the UK company investment. For Qihoo 360, I don't know anything and I don’t have the right to

Re: Incidents involving the CA WoSign

2016-09-19 Thread Peter Bowen
Richard, I'm still somewhat confused. Can you review the following statements and either confirm they are true or specify they are not true and correct them? On 15 December 2015: 1) סטארט קומארשל בע"מ ("Start Commercial Limited" or StartCom IL) was a registered company in Israel. 2) 王高华

Re: Maybe Mozilla can work with Chinese CAs to urge Chinese government to open up its internet a bit more?

2016-09-19 Thread Richard Barnes
I believe this group is also accessible as a mailing list, with no connection to Google at all. https://lists.mozilla.org/listinfo/dev-security-policy I hope that that allows people in China to participate, even if Google services are inaccessible. Please let me know if that's not the case.

Maybe Mozilla can work with Chinese CAs to urge Chinese government to open up its internet a bit more?

2016-09-19 Thread nfjinjing
As you might have already known, most of Google services are blocked within China, including this very forum. I'm not sure how a fair and just assessment of a CA, that primarily serves the Chinese market, can be had without any participation from any of its users. Having equal right for the

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-09-19 Thread Peter Bowen
On Mon, Sep 19, 2016 at 1:56 AM, wrote: > Dear Peter, Thanks for your comments! We think that there are some good > suggestions for our work. We’ll take notes and do better in our future work. > > We have discussed these questions with our auditor. Here is our reply to

Re: Maybe Mozilla can work with Chinese CAs to urge Chinese government to open up its internet a bit more?

2016-09-19 Thread Han Yuwei
On Tuesday, September 20, 2016 at 12:54:48 AM UTC+8, nfji...@gmail.com wrote: > As you might have already known, most of Google services are blocked within > China, including this very forum. > > I'm not sure how a fair and just assessment of a CA, that primarily serves > the Chinese market, can be had without any

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-09-19 Thread wangsn1206
Dear Peter, Thanks for your comments! We think that there are some good suggestions for our work. We’ll take notes and do better in our future work. We have discussed these questions with our auditor. Here is our reply to your comments: Opportunities for Improvement: - The basic

Re: WoSign Issue L and port 8080

2016-09-19 Thread Jakob Bohm
On 17/09/2016 16:30, Florian Weimer wrote: * Nick Lamb: On Sunday, 11 September 2016 21:05:12 UTC+1, Lee wrote: does dns hijacking or dns cache poisoning count as mitm? A careful CA validator does DNS only by making authoritative queries, so they're not subject to cache poisoning since

Re: Maybe Mozilla can work with Chinese CAs to urge Chinese government to open up its internet a bit more?

2016-09-19 Thread Jakob Bohm
On 17/09/2016 11:58, nfjinj...@gmail.com wrote: As you might have already known, most of Google services are blocked within China, including this very forum. I'm not sure how a fair and just assessment of a CA, that primarily serves the Chinese market, can be had without any participation

Re: Maybe Mozilla can work with Chinese CAs to urge Chinese government to open up its internet a bit more?

2016-09-19 Thread Hanno Böck
On Mon, 19 Sep 2016 13:11:17 -0400 Richard Barnes wrote: > I believe this group is also accessible as a mailing list, with no > connection to Google at all. > > https://lists.mozilla.org/listinfo/dev-security-policy The archive link there goes to the google page. Maybe

RE: Incidents involving the CA WoSign

2016-09-19 Thread Richard Wang
Hi Gerv, For Issue R listed in Wiki, we released the news today: https://www.wosign.com/english/News/WoSign_completed_equity_investment_to_StartCom_CA.htm Best Regards, Richard -Original Message- From: dev-security-policy

RE: Incidents involving the CA WoSign

2016-09-19 Thread Richard Wang
Your behavior makes me think of a Chinese word "株连九族", which means "to implicate the nine generations of a family", this is an extreme penalty in feudal times in China that if a man committed a crime, the whole clan up to nine generations was implicated, all must be killed together. Please refer

RE: Incidents involving the CA WoSign

2016-09-19 Thread Erwann Abalea
Bonsoir Richard, This info should probably be added to the thread "WoSign's ownership of StartCom", and then Peter's complementary questions are legitimate ones, being in line with Mozilla's concerns.

Re: Incidents involving the CA WoSign

2016-09-19 Thread Nick Lamb
On Tuesday, 20 September 2016 01:25:59 UTC+1, Richard Wang wrote: > This case is WoSign problem, you found out all related subordinate companies > and all related parent companies that up to nine generations! I think this is > NOT the best practice in the modern law-respect society. It seems