On Sun, March 22, 2015 4:18 pm, Kathleen Wilson wrote:
After reading this:
https://raymii.org/s/blog/How_I_got_a_valid_SSL_certificate_for_my_ISPs_main_website.html
I'm thinking we need to update our wiki page:
On Mon, March 23, 2015 8:36 am, Kathleen Wilson wrote:
Just to be clear... This is the wording copied as-is from the wiki page.
I have not proposed any changes yet -- I'm looking for your input on how
to update this wiki page, and I appreciate the input you all have
provided so far.
Hi Gerv,Obviously you are correct, it wouldn't make much sense to say "please constrain yourself to everything...or almost everything!"I think the only way for my alternative to work is to just develop a system of increased scrutiny of the intermediates, to develop a more rigorous set of policy
On 22/03/15 23:18, Kathleen Wilson wrote:
I'm thinking we need to update our wiki page:
https://wiki.mozilla.org/CA:Problematic_Practices#Email_Address_Prefixes_for_DV_Certs
Well, the current list is in the BRs, so we either need to update the
BRs, or we need to decide that we want to be more
I wonder if the current publicity will lead all webmail providers to
do a
review, and then we won't see any further problems...
That would be nice!
Pertaining to Peter Bowen's suggestion that some CAs who use email
authentication could provide statistics on what percent of customers
choose each
On 2015-03-23 00:18, Kathleen Wilson wrote:
admin@domain
administrator@domain
I've seen a few stories like this. I think they all used either admin
or administrator. So I recommend not to allow those. They also don't
show up in a default /etc/aliases file while the other 3 do.
On Mon, Mar 23, 2015 at 09:40:08AM +0100, Kurt Roeckx wrote:
On 2015-03-23 00:18, Kathleen Wilson wrote:
admin@domain
administrator@domain
I've seen a few stories like this. I think they all used either admin or
administrator. So I recommend not to allow those. They also don't
On 23/03/15 16:41, Robin Alden wrote:
That would be nice!
Wouldn't it? :-)
Of all email-based domain control validation we perform those email
addresses (on the same domain being applied for) are used as follows:
admin@33.9%
hostmaster@ 7.8%
webmaster@
On Mon, Mar 23, 2015 at 9:41 AM, Robin Alden ro...@comodo.com wrote:
I wonder if the current publicity will lead all webmail providers to do a
review, and then we won't see any further problems...
That would be nice!
Pertaining to Peter Bowen's suggestion that some CAs who use email
Robin said..
Of all email-based domain control validation we perform those email
addresses (on the same domain being applied for) are used as
follows:
admin@ 33.9%
hostmaster@ 7.8%
webmaster@ 7.6%
administrator@ 7.5%
postmaster@ 4.5%
On Mon, Mar 23, 2015 at 3:47 PM, Richard Barnes rbar...@mozilla.com wrote:
It has been discovered that an intermediate CA under the CNNIC root has
mis-issued certificates for some Google domains. Full details can be found
in blog posts by Google [0] and Mozilla [1]. We would like to discuss
Peter, Did you read the blog posts?
1)
https://blog.mozilla.org/security/2015/03/23/revoking-trust-in-one-cnnic-intermediate-certificate/
2)
http://googleonlinesecurity.blogspot.com/2015/03/maintaining-digital-certificate-security.html
Is there any data on this intermediate?
Does the
Although CT would not have prevented issuance, requiring CT for all
certificates would have detected the misissuance much sooner. Maybe Mozilla
should be the first to require CT for all certificates?
Jeremy
-Original Message-
From: dev-security-policy
On Mon, Mar 23, 2015 at 5:50 PM, Kathleen Wilson kwil...@mozilla.com wrote:
Peter, Did you read the blog posts?
1)
https://blog.mozilla.org/security/2015/03/23/revoking-trust-in-one-cnnic-intermediate-certificate/
2)
Dear dev.security.policy,
It has been discovered that an intermediate CA under the CNNIC root has
mis-issued certificates for some Google domains. Full details can be found
in blog posts by Google [0] and Mozilla [1]. We would like to discuss what
further action might be necessary in order to
On 3/23/2015 5:59 PM, Peter Kurrasch wrote:
Hi Richard,
Is the proposal to limit CNNIC roots to only .cn domains or would others be
allowed?
I'm curious to know what CNNIC's perspective is on this proposal, so will a
representative be replying in this forum?
Thanks.
Original
16 matches
Mail list logo
