The current plan is to create a new root that is cross-signed by each of the
four roots we've identified as critical for customers
(https://bugzilla.mozilla.org/show_bug.cgi?id=1401384). If Mozilla
whitelisted this sub CA, the same as Google's and Apple's, the entire issue
around rapid root inclusi
On Tuesday, October 17, 2017 at 2:44:11 PM UTC-7, Kathleen Wilson wrote:
> A lot of the delay this time is in regards to our new
> Audit Case process.
> We'll work to get this cleared up this month.
To those of you CAs who have correctly followed the instructions for providing
your annual upda
A lot of the delay this time is in regards to our new Audit Case process. We'll
work to get this cleared up this month.
Forwarded Message
Subject: Summary of October 2017 Audit Reminder Emails
Date: Tue, 17 Oct 2017 19:00:06 + (GMT)
Mozilla: Overdue Audit Statements
Root Ce
> On Oct 17, 2017, at 09:49, Rob Stradling via dev-security-policy
> wrote:
>
> On 16/10/17 23:15, Jakob Bohm via dev-security-policy wrote:
>
>> Unfortunately, as of right now, their github repository still doesn't
>> include the promised C/C++ implementation,
>
> Hi Jakob. Today I ended up
On 17/10/17 15:50, Ryan Sleevi wrote:
> That doesn't seem to line up with the discussion in
> https://groups.google.com/d/topic/mozilla.dev.security.policy/_EnH2IeuZtw/discussion
> to date. Do you have any additional information to share?
>
> Note that the path you just described is the one that p
On Tue, Oct 17, 2017 at 5:06 AM, Gervase Markham via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 16/10/17 20:22, Peter Bowen wrote:
> > Will the new managed CAs, which will be operated by DigiCert under
> > CP/CPS/Audit independent from the current Symantec ones, also be
On 16/10/17 23:15, Jakob Bohm via dev-security-policy wrote:
Unfortunately, as of right now, their github repository still doesn't
include the promised C/C++ implementation,
Hi Jakob. Today I ended up rewriting the ROCA fingerprint checker in C
(using OpenSSL BIGNUM calls) to get it working
I think this is right. ROCA-detect appears to just be an implementation of the
fingerprinting algorithm described in the 2016 paper
(https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_svenda.pdf).
There are already plenty of clues in the 2016 paper that something might
On Monday, 16 October 2017 23:15:51 UTC+1, Jakob Bohm wrote:
> They have also obfuscated their test by providing bitmasks as decimal
> bigints instead of using hexadecimal or any other format that makes the
> bitmasks human readable.
The essential fingerprinting trick comes down to this (I had to
On 16/10/17 20:22, Peter Bowen wrote:
> Will the new managed CAs, which will be operated by DigiCert under
> CP/CPS/Audit independent from the current Symantec ones, also be
> included on the list of subCAs that will continue to function?
AIUI we are still working out the exact configuration of the n
On 16/10/17 20:19, Daniel Cater wrote:
> Could we have a list of the subCAs that are being considered for exemption
> for the distrust?
Here's an informal list created by me examining the CCADB. Note that the
CCADB links won't work for anyone except Root Store operators.
GeoTrust Global CA