On 11/11/2016 02:42, Peter Bowen wrote:
Given that there is a lack of clarity on when the CABF BRs apply, and
that applicability of the BRs is outside the scope of the BRs, I
propose the following text to clarify and help CAs understand the
expectations of operating a publicly trusted CA.
Given that there is a lack of clarity on when the CABF BRs apply, and
that applicability of the BRs is outside the scope of the BRs, I
propose the following text to clarify and help CAs understand the
expectations of operating a publicly trusted CA.
Thanks,
Peter
Requirements for a CA in the
On Thursday, 10 November 2016 19:53:25 UTC, Robin Alden wrote:
> I can't speak to your assumptions, but I concede that it is not explicit in
> the CPS.
>
> It is now documented at
> https://secure.comodo.com/api/pdf/latest/Domain%20Control%20Validation.pdf
> and in the knowledgebase article at:
Nick Lamb, on 02 October 2016 17:50, said..
> The first thing that jumps out at me from their report is that they
mistake .sb
> for a gTLD when it is actually a ccTLD.
That was a mistake in writing the report.
The point is that it is a TLD.
> The second thing obviously is that they do have
Hi Hanno,
Hanno Böck, on 04 October 2016 13:34, said..
> There seem to be more certificates of that kind that weren't mentioned
> in the incident report. Here's a .re / www.re certificate (expired
> 2015):
> https://crt.sh/?id=4467456
>
> Has comodo checked its systems for other certificates of
Eric Mill, on 03 October 2016 03:14, said..
> On Sun, Oct 2, 2016 at 9:23 PM, Nick Lamb wrote:
> > On Sunday, 2 October 2016 20:53:15 UTC+1, Peter Bowen wrote:
> > > There is some good news. The CA/Browser Forum has already addressed
> > > this, even prior to the current
Gervase Markham, on 04 October 2016 07:10, said..
> Thank you for this report.
>
> On 27/09/16 02:07, Robin Alden wrote:
> > When we use an 'agreed-upon change to website' method to prove
> domain
> > control, we consider proof of control of 'www.' as also
> > proving control of '' (except where
On 09/11/16 18:50, Peter Bowen wrote:
> Here are some certs that appear to be for server authentication but
> don't have that EKU:
>
> https://crt.sh/?id=10621190
This one also contains Internal Server Names. And it contains bogus info
in the Certificate Policies field. But it's not trusted by
8 matches
Mail list logo