In the spirit of improving transparency, I've gone and filed
https://github.com/mozilla/pkipolicy/issues/192 , which is specific to
auditors.
However, I want to highlight this model (the model used by the US Federal
PKI), because it may also provide a roadmap for dealing with issues like
this /
Already the screenshots of the report from 2016 on page 3 show why no normal
user can recognize if a website was encrypted or if an EV certificate was in
use.
The browser manufacturers must agree on a uniform, easy-to-understand
presentation of the security indicators and not change them every
We have received your request 03530327 and it is being processed by our support
team. To leave additional comments, reply to this email.
ref:_00DU0Lfqj._5001v17KLYI:ref
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
I have two questions Ronald:
1. What should I look for? I just see a DV cert from Let’s Encrypt.
2. Why did you message the entire community about whatever it is you’ve found?
Thanks,
Paul
Sent from my iPhone
> On Oct 12, 2019, at 11:04 AM, Ronald Crane via dev-security-policy
> wrote:
>
We have received your request 03531223 and it is being processed by our support
team. To leave additional comments, reply to this email.
ref:_00DU0Lfqj._5001v17KPuw:ref
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
We have received your request 03531375 and it is being processed by our support
team. To leave additional comments, reply to this email.
ref:_00DU0Lfqj._5001v17KQlt:ref
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
The finding is from public information that is relevant to the current
value of EV certificates, which is a central part of this discussion.
-R
On 10/14/2019 11:10 AM, Paul Walsh via dev-security-policy wrote:
I have two questions Ronald:
1. What should I look for? I just see a DV cert from
7 matches
Mail list logo