Re: GlobalSign: SSL Certificates with US country code and invalid State/Prov

2019-08-28 Thread Matthew Hardeman via dev-security-policy
I'd particularly like to see the memes directly within the certificate, maybe an extension to RFC 6170. On Wed, Aug 28, 2019 at 6:13 AM Corey Bonnell via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Thursday, August 22, 2019 at 11:08:03 PM UTC-4, Jeremy Rowley wrote:

Re: GlobalSign: SSL Certificates with US country code and invalid State/Prov

2019-08-28 Thread Ryan Sleevi via dev-security-policy
On Wed, Aug 28, 2019 at 7:13 AM Corey Bonnell via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Anyhow, judging from censys.io, it looks like there are far bigger > offenders of this particular quirky rule than Digicert and GlobalSign. I'd > love to know why the BRs/EVGs

RE: GlobalSign: SSL Certificates with US country code and invalid State/Prov

2019-08-28 Thread Jeremy Rowley via dev-security-policy
I've always thought the reason OV/EV ballots haven't been proposed/passed is a combination of a lack of interest from the browsers and the fact that governance reform seems to get in the way of everything else. I've proposed tons of things over the years that simply fail because I can't get

Re: Fwd: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-28 Thread Josef Schneider via dev-security-policy
On Tuesday, 27 August 2019 00:48:38 UTC+2, Matt Palmer wrote: > On Mon, Aug 26, 2019 at 05:39:14AM -0700, Josef Schneider via > dev-security-policy wrote: > > Sure I can register a company and get an EV certificate for that company. > > But can I do this completely anonymous like getting a DV

Re: GlobalSign: SSL Certificates with US country code and invalid State/Prov

2019-08-28 Thread Ryan Sleevi via dev-security-policy
On Wed, Aug 28, 2019 at 12:36 PM Jeremy Rowley wrote: > I've always thought the reason OV/EV ballots haven't been proposed/passed > is a combination of a lack of interest from the browsers and the fact that > governance reform seems to get in the way of everything else. I've > proposed tons

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-28 Thread Kirk Hall via dev-security-policy
Most of the comments against EV certificates on this list have been focused on whether or not the current Firefox EV UI is relied on by Firefox users to make security decisions. (Actually, I have only seen a Google paper on this issue in Chrome, no research from Firefox.) But there is an

Re: Fwd: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-28 Thread Matt Palmer via dev-security-policy
On Wed, Aug 28, 2019 at 11:51:37AM -0700, Josef Schneider via dev-security-policy wrote: > On Tuesday, 27 August 2019 00:48:38 UTC+2, Matt Palmer wrote: > > On Mon, Aug 26, 2019 at 05:39:14AM -0700, Josef Schneider via > > dev-security-policy wrote: > > > Sure I can register a company and get

Symantec migration update

2019-08-28 Thread Jeremy Rowley via dev-security-policy
Hey – I realized it’s been a long time since I posted an update about where we are at on shutting down the legacy Symantec systems. I thought the community might find it interesting on what we’re doing to consolidate all the systems. When we bought the Symantec CA business, we promised to bring

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-28 Thread Ryan Sleevi via dev-security-policy
(Posting in a personal capacity) On Wed, Aug 28, 2019 at 7:01 PM Kirk Hall via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Most of the comments against EV certificates on this list have been > focused on whether or not the current Firefox EV UI is relied on by Firefox >