Re: Final Decision by Google on Symantec

2017-07-29 Thread Peter Bowen via dev-security-policy
On Thu, Jul 27, 2017 at 11:14 PM, Gervase Markham via dev-security-policy wrote: > Google have made a final decision on the various dates they plan to > implement as part of the consensus plan in the Symantec matter. The > message from blink-dev is included

Re: TunRootCA2 root inclusion request

2017-07-29 Thread Jonathan Rudenberg via dev-security-policy
For reference, I’ve added crt.sh links for the replacement certificates below. > On Jul 29, 2017, at 09:08, kaddachi olfa via dev-security-policy > wrote: > > https://crt.sh/?id=15126121 is an expired certificate (notBefore March 2016; > notAfter March

Re: TunRootCA2 root inclusion request

2017-07-29 Thread Jonathan Rudenberg via dev-security-policy
> On Jul 29, 2017, at 09:08, kaddachi olfa via dev-security-policy > wrote: > > ==> The CA proceeded to notify the end entity of the certificate > https://crt.sh/?id=21813439. The certificate is revoked on 28/07/2017. No new > certificate is issued by

Re: TunRootCA2 root inclusion request

2017-07-29 Thread kaddachi olfa via dev-security-policy
https://crt.sh/?id=21813439 is a certificate issued by this CA which has a domain name in the common name but only an email address in the SAN. (The certificate has TLS server/client usage EKUs.) ==> The CA proceeded to notify the end entity of the certificate https://crt.sh/?id=21813439. The

Re: Final Decision by Google on Symantec

2017-07-29 Thread Nick Lamb via dev-security-policy
Other contributors have, I think, summed up the pros and cons of the two ways forward on the specific date very effectively. So I will expend my effort instead on pressing for Mozilla to handle final distrust of the old Symantec CA roots in its usual fashion and explicitly _not_ do as Symantec