Re: Questions regarding the qualifications and competency of TUVIT

2018-11-02 Thread Wiedenhorst, Matthias via dev-security-policy
Dear all, Still posting on behalf of TÜViT. On Wed, Oct 31, 2018 at 11:43 AM Wiedenhorst, Matthias via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: · Since January 2018, T-Systems issued EV certificates with an incorrect qcStatement. T-Systems was made

Re: Questions regarding the qualifications and competency of TUVIT

2018-11-02 Thread Ryan Sleevi via dev-security-policy
On Fri, Nov 2, 2018 at 10:24 AM Wiedenhorst, Matthias via dev-security-policy wrote: > Auditor and Reviewer, as stated on > https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/en/AA2018072001_Audit_Attestation_E_Deutsche-Telekom-Root-CA-2_20180718_s.pdf > - the parties tasked with ensuring

Re: Clarifications on ETSI terminology and scheme

2018-11-02 Thread clemens.wanko--- via dev-security-policy
Dear all, on behalf of ACAB’c we like to comment on that as follows: We would like to clarify the following normative points defined by the EA and by the ISO/IEC 17065/ETSI/eIDAS: I. Accreditation of CAB: - The eIDAS/ETSI accredited CAB in Europe are in general all accredited according

Re: Identrust Commercial Root CA 1 EV Request

2018-11-02 Thread Wayne Thayer via dev-security-policy
I am recommending denial of this request. It was not uncommon for CAs to treat the .int TLD as an Internal Name, so I'm not going to argue this point and claim that these certificates were misissued because 'identrust.int' and 'identrus.int' were not registered domain names. Under the assumption

Re: Questions regarding the qualifications and competency of TUVIT

2018-11-02 Thread Wayne Thayer via dev-security-policy
I am particularly disturbed by three points made by TUVIT during this discussion: 1. A malformed qcStatement extension is a minor non-conformity because there is no known security risk - This argument is incredibly dangerous and harmful. It implies that all sorts of well-defined requirements can

Re: Clarifications on ETSI terminology and scheme

2018-11-02 Thread Ryan Sleevi via dev-security-policy
On Fri, Nov 2, 2018 at 1:31 PM clemens.wanko--- via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > II. Assessment and certification statements: > - ETSI requires the auditing of the past period as well as of the current > operations status: > o In chapter 7.9 of the