Re: CA Communication: Underscores in dNSNames

2018-12-06 Thread Wayne Thayer via dev-security-policy
On Thu, Dec 6, 2018 at 10:36 PM pilgrim2223--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > I need some clarification on something here > > 1) Why are legacy certs not being allowed to expire, and instead we are > being forced to replace in a very short window? We

Re: CA Communication: Underscores in dNSNames

2018-12-06 Thread pilgrim2223--- via dev-security-policy
I need some clarification on something here 1) Why are legacy certs not being allowed to expire, and instead we are being forced to replace in a very short window? We stopped issuing certs with underscores as soon as our CA told us to (probably mid-September) but that still puts me at having

Re: [FORGED] Re: Incident report - Misissuance of CISCO VPN server certificates by Microsec

2018-12-06 Thread Peter Gutmann via dev-security-policy
Paul Wouters via dev-security-policy writes: >Usually X509 is validated using standard libraries that only think of the TLS >usage. So most certificates for VPN usage still add EKUs like serverAuth or >clientAuth, or there will be interop problems. So just to make sure I've got this right,

Re: Incident report - Misissuance of CISCO VPN server certificates by Microsec

2018-12-06 Thread Sándor dr . Szőke via dev-security-policy
2018. december 6., csütörtök 16:12:37 UTC+1 időpontban Jakob Bohm a következőt írta: > On 06/12/2018 12:37, Sándor dr. Szőke wrote: > > 2018. december 5., szerda 20:45:25 UTC+1 időpontban Wayne Thayer a > > következőt írta: > >> .On Wed, Dec 5, 2018 at 1:58 PM dr. Sándor Szőke via

Re: Incident report - Misissuance of CISCO VPN server certificates by Microsec

2018-12-06 Thread Jakob Bohm via dev-security-policy
On 06/12/2018 12:37, Sándor dr. Szőke wrote: > 2018. december 5., szerda 20:45:25 UTC+1 időpontban Wayne Thayer a következőt > írta: >> .On Wed, Dec 5, 2018 at 1:58 PM dr. Sándor Szőke via dev-security-policy < >> dev-security-policy@lists.mozilla.org> wrote: >> >>> >>> 1./ >>> How your CA first

Re: Incident report - Misissuance of CISCO VPN server certificates by Microsec

2018-12-06 Thread Sándor dr . Szőke via dev-security-policy
2018. december 5., szerda 20:53:31 UTC+1 időpontban Gijs Kruitbosch a következőt írta: > On 05/12/2018 19:45, Wayne Thayer wrote: > > ..On Wed, Dec 5, 2018 at 1:58 PM dr. Sándor Szőke via dev-security-policy < > > dev-security-policy@lists.mozilla.org> wrote: > > 6./ > >> Explanation about how

Re: Incident report - Misissuance of CISCO VPN server certificates by Microsec

2018-12-06 Thread Sándor dr . Szőke via dev-security-policy
2018. december 5., szerda 20:45:25 UTC+1 időpontban Wayne Thayer a következőt írta: > .On Wed, Dec 5, 2018 at 1:58 PM dr. Sándor Szőke via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > > > 1./ > > How your CA first became aware of the problem (e.g. via a problem