Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2017-03-26 Thread wangsn1206--- via dev-security-policy
We compiled an analysis document on our CP/CPS’s Compliance with the BRs for everyone to review and comment. You can find the document at the following address of the BUG:https://bug1128392.bmoattachments.org/attachment.cgi?id=8851230   Your suggestions will be much appreciated.

Re: Over 14K 'Let's Encrypt' SSL Certificates Issued To PayPal Phishing Sites

2017-03-26 Thread Vincent Lynch via dev-security-policy
Hi David, I am the author of the research discussed in that Bleeping Computer post.. Your post is a bit brief, so I'm not sure if you are just sharing news, or wanted to discuss a certain aspect of this story or topic. So I will just share some general thoughts: 1. The most important thing to

Re: Over 14K 'Let's Encrypt' SSL Certificates Issued To PayPal Phishing Sites

2017-03-26 Thread Adam Caudill via dev-security-policy
Much has been written about this issue of late; most of the focus has been on Let's Encrypt, but they are not the only CA issuing certificates to phishing sites, though because of the scale Let's Encrypt operates at, they issue the most, and thus take most of the heat. One of the better articles o

Over 14K 'Let's Encrypt' SSL Certificates Issued To PayPal Phishing Sites

2017-03-26 Thread David E. Ross via dev-security-policy
The subject is the title of a Slashdot article posted today. The article can be accessed at . The article contains two links. One is to a Bleeping Computer article that gives m