On Tue, Sep 19, 2017 at 5:22 PM, Alex Gaynor via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> https://crt.sh/mozilla-certvalidations?group=version&id=896972 is a very
> informative graph for me -- this is the number of validations performed by
> Firefox for certs under thi
Thanks a ton, Ryan! This was very helpful, and we really appreciate the
feedback and suggestions. Here’s what we currently use as publicly-trusted
roots and how we use them:
1. Baltimore CyberTrust Root – Expires in 2025. Currently only used to
support Verizon customers who have not tr
Hi Jeremy,
Is DigiCert planning on continuing selling DV certificates after the
transition? As DigiCert has previously been vocal on the fact that the
drawbacks of issuing DV certificates outweigh the benefits as stated here:
https://www.digicert.com/dv-ssl-certificate.htm. If DigiCert is going
Dear Nikos
On Wed, Sep 13, 2017 at 9:39 AM, Nikos Mavrogiannopoulos
wrote:
>
> 4. How do you handle extensions to this format?
>
> Overall, why not use X.509 extensions to store such additional
> constraints? We already (in the p11-kit trust store in Fedora/RHEL
> systems) use the notion of stap
On Wed, Sep 20, 2017 at 12:37 AM, Martin Rublik via
dev-security-policy wrote:
> On Tue, Sep 19, 2017 at 5:22 PM, Alex Gaynor via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> https://crt.sh/mozilla-certvalidations?group=version&id=896972 is a very
>> informative graph
On 2017-09-20 01:09, Kathleen Wilson wrote:
Forwarded Message
Subject: Summary of September 2017 Audit Reminder Emails
Date: Tue, 19 Sep 2017 19:00:08 + (GMT)
Mozilla: Overdue Audit Statements
Root Certificates:
Autoridad de Certificacion Firmaprofesional CIF A62634068
Post-close, all products and offerings will stay the same as pre-close
except that DigiCert will do the validation and issuance. This does mean
DigiCert is offering a DV product post close. We agreed with Ryan that
separation by root for DV, OV, and EV doesn't make much sense, meaning all
TSL cer
On Tue, Sep 19, 2017 at 8:39 PM, Jeremy Rowley via dev-security-policy
wrote:
>
> The current end-state plan for root cross-signing is provided at
> https://bugzilla.mozilla.org/show_bug.cgi?id=1401384. The diagrams there show
> all of the existing sub CAs along with the new Sub CAs and root sig
The original Mozilla plan was to distrust around Sep 2018. We're still
planning for that date, but would appreciate it if trust was permitted around a
single intermediate (say the DigiCert Global Trust G2 root?). If we need to
use a separate root with no other certs as the transition, we could
On Wednesday, September 20, 2017 at 6:34:04 AM UTC-7, Kurt Roeckx wrote:
> On 2017-09-20 01:09, Kathleen Wilson wrote:
> > Forwarded Message
> > Subject: Summary of September 2017 Audit Reminder Emails
> > Date: Tue, 19 Sep 2017 19:00:08 + (GMT)
> >
> > Mozilla: Overdue Audit
On September 8, 2017, a member our team discovered that one of our OCSP
responder certificates had been signed with SHA-1 with a notBefore date of May
23, 2017. We initiated an investigation and discovered that there were a total
of 4 such certificates, all issued on May 23 as annual renewals t
On 20/09/2017 09:37, Martin Rublik wrote:
On Tue, Sep 19, 2017 at 5:22 PM, Alex Gaynor via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
https://crt.sh/mozilla-certvalidations?group=version&id=896972 is a very
informative graph for me -- this is the number of validations p
12 matches
Mail list logo