On 04/08/14 18:16, Erwann Abalea wrote:
I imagine you have access to more detailed information (OCSP URL,
date/time, user location, ...), could some of it be open?
Not necessarily; I suspect this data was gathered using Firefox
Telemetry, where we try very hard to avoid violating a user's
On 05/08/14 09:34, Rob Stradling wrote:
Kathleen, to work around the classic NSS path building behaviour you
observed yesterday, we will issue another cross-certificate to
USERTrust Legacy Secure Server CA, with a newer notBefore date, from
our AddTrust External CA Root built-in root.
Then, you
- Original Message -
From: Kurt Roeckx k...@roeckx.be
To: Hubert Kario hka...@redhat.com
Cc: Kathleen Wilson kwil...@mozilla.com,
mozilla-dev-security-pol...@lists.mozilla.org
Sent: Tuesday, August 5, 2014 12:44:13 AM
Subject: Re: Removal of 1024 bit CA roots - interoperability
On 2014-08-05 14:22, Hubert Kario wrote:
0.05% of sites doesn't mean 0.05% of users, especially if we look at local, not global, user share. Some of them are high profile sites, e.g.:
volkswagen.at, dell.com, cadillaceurope.com, www.portaldasfinancas.gov.pt
It's not because they have an https
On Tue, Aug 5, 2014 at 2:02 AM, Gervase Markham g...@mozilla.org wrote:
On 04/08/14 18:16, Erwann Abalea wrote:
OCSP is painful and costly to optimize, x509labs shows great
availability and good performance for most CA/location combinations,
but this is in contradiction with real user
I think most CAs use CDNs to help serve OCSP responses quite fast and reliably.
A breakdown of failure rates based on certificate provider could provide
insight on what's going on. Is gathering this information too close to
violating a user's privacy for Mozilla? Any chance of peering into
On 7/29/14, 2:00 PM, Kathleen Wilson wrote:
All,
Thank you to those of you who have reviewed and commented on this
inclusion request from CFCA. I will appreciate your opinions in response
to my questions below regarding how to move forward with this request.
Note that the “CFCA GT CA” root was
On Tue, August 5, 2014 10:26 am, Kathleen Wilson wrote:
On 7/29/14, 2:00 PM, Kathleen Wilson wrote:
All,
Thank you to those of you who have reviewed and commented on this
inclusion request from CFCA. I will appreciate your opinions in response
to my questions below regarding how to
Hi Wallas, Setting aside Ryan's petulance, if I may, I think the simple answer to all your questions can be stated thusly: no one is in charge and we depend on people doing the right things. Mostly I think that works out OK but there's just no escaping that much of the PKI system relies on nothing
I agree with Ryan: new audit by new auditor. Since PWC did a mediocre job last
time why would we expect a different result this time?
Original Message
From: Ryan Sleevi
Sent: Tuesday, August 5, 2014 5:41 PM
To: Kathleen Wilson
Reply To: ryan-mozdevsecpol...@sleevi.com
Cc: