Re: Possible violation of CAA by nazwa.pl

2018-07-26 Thread Jakob Bohm via dev-security-policy
On 26/07/2018 23:04, Matthew Hardeman wrote: On Thu, Jul 26, 2018 at 2:23 PM, Tom Delmas via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: The party actually running the authoritative DNS servers is in control of the domain. I'm not sure I agree. They can control the d

Re: Possible violation of CAA by nazwa.pl

2018-07-26 Thread Matthew Hardeman via dev-security-policy
On Thu, Jul 26, 2018 at 2:23 PM, Tom Delmas via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > > The party actually running the authoritative DNS servers is in control > of the domain. > > I'm not sure I agree. They can control the domain, but they are supposed > to be sub

Re: DYMO Root CA installed by Label Printing Software

2018-07-26 Thread mkatich--- via dev-security-policy
I came across this from the OP's article posted on GitHub, apologies for posting so much later than the original discussion. I just wanted to throw in my 2 cents, real use case. A webapp I develop(ed) for my company has been using DYMO's developer setup and the web service that's installed with

Re: Possible violation of CAA by nazwa.pl

2018-07-26 Thread Tom Delmas via dev-security-policy
> The party actually running the authoritative DNS servers is in control of the domain. I'm not sure I agree. They can control the domain, but they are supposed to be subordinate of the domain owner. If they did something without the owner consent/approval, it really looks like a domain hij

Re: Possible violation of CAA by nazwa.pl

2018-07-26 Thread Matthew Hardeman via dev-security-policy
I think the whole point of domain validation certificates is taking the human part out of it and verifying technical control of the domain as the standard upon which to base issuance. Since the CA is also the DNS server, it's more or less a given that they certainly can or would successfully valid

Re: GoDaddy Revocations Due to a Variety of Issues

2018-07-26 Thread Peter Bowen via dev-security-policy
On Wed, Jul 25, 2018 at 2:08 PM Joanna Fox via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Friday, July 20, 2018 at 9:39:04 PM UTC-7, Peter Bowen wrote: > > > *Total of 17 certificates issued in 2018 were revoked due to invalid > > > extended ascii characters. CertLin

Re: Possible violation of CAA by nazwa.pl

2018-07-26 Thread Tom via dev-security-policy
On Wednesday, 25 July 2018 21:08:59 UTC, michel.le...@gmail.com wrote: > Hello, > > My domain registrar who is also a certificate authority just issued a > precertificate (visible in CT logs) and a valid > certificate for my domain. This is part of their new offer to automatically > offer free c

Re: Possible violation of CAA by nazwa.pl

2018-07-26 Thread Wojciech Trapczyński via dev-security-policy
On 25.07.2018 at 23:21, Quirin Scheitle via dev-security-policy wrote: Hi Michel, On 23. Jul 2018, at 22:36, michel.lebihan2000--- via dev-security-policy wrote: I think my domain registrar just violated my CAA by issuing that certificate. Were they allowed to issue this certificate? t