I believe that all of the concerns related to this request for inclusion of
the OISTE WISeKey Global Root GC CA have been addressed. I am now closing
this discussion with a recommendation to approve this request. Any further
comments should be added directly to the bug [1].
- Wayne
[1] https://bu
I went ahead and noted these DigiCert audits as a concern on the CCADB
record for Scott S. Perry CPA, PLLC.
I do think it's important for CAs to disclose these issues to their
auditors, but I also expect auditors to discover them.
- Wayne
On Wed, Aug 15, 2018 at 8:21 AM Ben Wilson wrote:
> Re-
On Mon, Aug 13, 2018 at 8:10 PM, Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I'd like to call this presentation to everyone's attention:
>
> Title: Lost and Found Certificates: dealing with residual certificates for
> pre-owned domains
>
> Slide deck:
> h
Re-sending
-Original Message-
From: Ben Wilson
Sent: Wednesday, August 15, 2018 8:34 AM
To: 'r...@sleevi.com' ; Wayne Thayer
Cc: mozilla-dev-security-policy
Subject: RE: Misissuance and BR Audit Statements
Thanks, Ryan and Wayne,
Going forward we'll work to improve our management lett
Thanks, Ryan and Wayne,
Going forward we'll work to improve our management letter disclosures to
include reported mis-issuances during the audit period.
Sincerely yours,
Ben
-Original Message-
From: dev-security-policy On
Behalf Of Ryan Sleevi via dev-security-policy
Sent: Monday, A
On 14/08/2018 02:10, Wayne Thayer wrote:
I'd like to call this presentation to everyone's attention:
Title: Lost and Found Certificates: dealing with residual certificates for
pre-owned domains
Slide deck:
https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/DEFCON-26-Foster-a
The updated 2.6.1 version of the Mozilla Root Store policy resulting from
this discussion is now published:
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
- Wayne
On Mon, Aug 6, 2018 at 3:28 PM Wayne Thayer wrote:
> Having received no comments on this prop
I'd like to call this presentation to everyone's attention:
Title: Lost and Found Certificates: dealing with residual certificates for
pre-owned domains
Slide deck:
https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/DEFCON-26-Foster-and-Ayrey-Lost-and-Found-Certs-residual-cert
Wayne,
Thanks for raising this. I definitely find it surprising to see nothing
noted on Comodo's report, as you call out.
As another datapoint, consider this recent audit that is reported to be
from DigiCert, by way of Amazon Trust Services' providing the audits for
their externally operated sub-
9 matches
Mail list logo