Hi there,
I agree, Gerv's remarks are a bit confusing with respect to the concern.
You are correct that the process of establishing a new root generally
involves the creation of a self-signed certificate, and then any
cross-signing that happens conceptually creates an 'intermediate' - so you
have
I didn't understand the original below comment by StartCom very well about
the cross-sign, but after Ryan's message I understand it better in
retrospect:
> On Thu, Sep 14, 2017 at 11:05 AM, Inigo Barreira via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> I´ve never said t
Forgot the links:
[1]
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/hNOJJrN6WfE
[2]
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/RJHPWUd93xE/RqnC3brRBQAJ
[3]
https://crt.sh/?spkisha256=fbe3018031f9586bcbf41727e417b7d1c45c2f47f93be372a17b96b50757d5a2
[4
Quoting Gerv from the latest StartCom thread [1]:
"* The key for their new root certificate was also used in a couple of
intermediates (one revoked as it was done incorrectly - again, lack of
testing!). While this is probably not a policy violation, it's not good
practice."
Everyone including Star
4 matches
Mail list logo