Re: Incident report D-TRUST: syntax error in one tls certificate

2018-11-28 Thread Dimitris Zacharopoulos via dev-security-policy
On 29/11/2018 12:14 π.μ., Wayne Thayer via dev-security-policy wrote: The way that we currently handle these types of issues is about as good as we're going to get. We have a [recently relaxed but still] fairly stringent set of rules around revocation in the BRs. This is necessary and proper

Re: Incident report D-TRUST: syntax error in one tls certificate

2018-11-28 Thread Wayne Thayer via dev-security-policy
The way that we currently handle these types of issues is about as good as we're going to get. We have a [recently relaxed but still] fairly stringent set of rules around revocation in the BRs. This is necessary and proper because slow/delayed revocation can clearly harm our users. It was

Re: Incident report D-TRUST: syntax error in one tls certificate

2018-11-28 Thread Jakob Bohm via dev-security-policy
On 27/11/2018 00:54, Ryan Sleevi wrote: > On Mon, Nov 26, 2018 at 12:12 PM Jakob Bohm via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> 1. Having a spare certificate ready (if done with proper security, e.g. >> a separate key) from a different CA may unfortunately

Re: Incident report D-TRUST: syntax error in one tls certificate

2018-11-28 Thread Pedro Fuentes via dev-security-policy
Hi Rufus, I got internal server error on that link, but I really appreciate your post and the link to code! Pedro El miércoles, 28 de noviembre de 2018, 8:45:42 (UTC+1), Buschart, Rufus escribió: > To simplify the process of monitoring crt.sh, we at Siemens have implemented > a little web