On Tuesday, 28 February 2017 17:45:19 UTC, Santhan Raj wrote:
> WebTrust for Certification Authorities , SSL
> BaselinewithNetwork Security, Version 2.0,available
> at
> http://www.webtrust.org/homepage‐documents/item79806.pdf.
404 - File
On Wednesday, March 1, 2017 at 8:26:34 AM UTC-5, Peter Kurrasch wrote:
> Would it be possible to get a more precise answer other than "in accordance
> with"? I am left to assume that in fact no verification was performed because
> the previous verification was in the 39 month window.
For this
On 01/03/2017 12:43, Gervase Markham wrote:
On 13/02/17 12:23, Gervase Markham wrote:
The GoDaddy situation raises an additional issue.
What can be done about the potential future issue (which might happen
with any large CA) of the need to untrust a popular intermediate?
Suggestions
On 01/03/17 10:36, benjaminp...@gmail.com wrote:
> screenshot of the error message: http://imgur.com/a/BIQUm
That error message will not occur if only the root CA is SHA-1 signed,
because Firefox does not check the signatures on root CAs. There must be
some other certificate in the chain that
What you've stumbled into is the unspoken truth that CA's want to have their
cake and eat it too.
Specifically, they market themselves and their products under the umbrella of
security: "You want to be secure on the Internet, right? We can help you do
that!" Then, most all CA's will turn
Would it be possible to get a more precise answer other than "in accordance
with"? I am left to assume that in fact no verification was performed because
the previous verification was in the 39 month window.
Original Message
From: douglas.beattie--- via dev-security-policy
Sent: Tuesday,
On Wednesday, 1 March 2017 12:44:16 UTC+1, Gervase Markham wrote:
> On 13/02/17 12:23, Gervase Markham wrote:
> > The GoDaddy situation raises an additional issue.
>
> > What can be done about the potential future issue (which might happen
> > with any large CA) of the need to untrust a
On 13/02/17 12:23, Gervase Markham wrote:
> The GoDaddy situation raises an additional issue.
> What can be done about the potential future issue (which might happen
> with any large CA) of the need to untrust a popular intermediate?
> Suggestions welcome.
Reviewing the discussion, I
On Wed, 1 Mar 2017 02:36:22 -0800 (PST)
benjaminpill--- via dev-security-policy
wrote:
> when connecting to a webserver
>
> screenshot of the error message: http://imgur.com/a/BIQUm
It would be helpful if you told us which webserver. The error message
[2017-03-01 11:21] benjaminpill--- via dev-security-policy:
> so why is Firefox complaining with this error message:
>
> SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
Check the about:config setting "security.pki.sha1_enforcement_level".
Valid values currently range from 0 to 4, with the following
Am Mittwoch, 1. März 2017 11:31:20 UTC+1 schrieb Hanno Böck:
> On Wed, 1 Mar 2017 02:21:21 -0800 (PST)
> benjaminpill--- via dev-security-policy
> wrote:
>
> > so why is Firefox complaining with this error message:
> >
> >
On Wed, 1 Mar 2017 02:21:21 -0800 (PST)
benjaminpill--- via dev-security-policy
wrote:
> so why is Firefox complaining with this error message:
>
> SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
Can you be more specific? Where are you seeing that error
Am Mittwoch, 1. März 2017 11:18:48 UTC+1 schrieb Hanno Böck:
> On Wed, 1 Mar 2017 00:44:54 -0800 (PST)
> benjaminpill--- via dev-security-policy
> wrote:
>
> > are root (Enterprise) CA certificates wich are based on SHA1 handled
> > as untrusted by Firefox
On Wed, 1 Mar 2017 00:44:54 -0800 (PST)
benjaminpill--- via dev-security-policy
wrote:
> are root (Enterprise) CA certificates wich are based on SHA1 handled
> as untrusted by Firefox 51? The end certificate is sign using sha256
> and trusted by a
Hello,
are root (Enterprise) CA certificates wich are based on SHA1 handled as
untrusted by Firefox 51?
The end certificate is sign using sha256 and trusted by a intermidiate ca wich
uses also sha256. Only the root ca is based on sha1.
Chrome and IE are not complaining about the root cert.
15 matches
Mail list logo