Re: Public CA:certs with unregistered FQDN mis-issuance

2019-03-04 Thread Wayne Thayer via dev-security-policy
Li-Chun: thank you for this incident report. I have created https://bugzilla.mozilla.org/show_bug.cgi?id=1532436 to track this issue. On Fri, Mar 1, 2019 at 5:59 AM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 28/02/2019 17:48, lcchen.ci...@gmail.com w

Re: T-Systems invalid SANs

2019-03-04 Thread Pedro Fuentes via dev-security-policy
Hello Ryan, thanks for your reply. On Monday, March 4, 2019, 18:20:20 (UTC+1), Ryan Sleevi wrote: > > Just to make sure: This isn't really a question about CT at all, is it? > It's a question about CAs performing testing in production that leads to > misissuances. > Mostly is the second

Re: Reply: Certificate Problem Report (9WG: CFCA certificate with invalid domain)

2019-03-04 Thread Wayne Thayer via dev-security-policy
I've created https://bugzilla.mozilla.org/show_bug.cgi?id=1532429 to track this incident. On Fri, Mar 1, 2019 at 1:55 PM David E. Ross via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 2/28/2019 7:45 PM, 孙圣男 wrote: > > Dear Mozilla: > > This problem had been confi

Re: Incident Report: TrustCor Serial Number Entropy

2019-03-04 Thread Wayne Thayer via dev-security-policy
Neil, On Sat, Mar 2, 2019 at 8:52 AM Neil Dunbar via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > All, > > Included is an incident report, formatted per the Mozilla recommendations, > with timelines and resolutions. > > Thank you for completing an excellent incident repor

Re: Possible DigiCert in-addr.arpa Mis-issuance

2019-03-04 Thread Cynthia Revström via dev-security-policy
On 2019-03-04 20:23, Jeremy Rowley via dev-security-policy wrote: 2) Of the 3,000, the only certificate we found where the scope was not set to be the scope of the WHOIS document was the one reported by Cynthia. That is good to hear :) - Cynthia

RE: Possible DigiCert in-addr.arpa Mis-issuance

2019-03-04 Thread Jeremy Rowley via dev-security-policy
Technically, the same issue could exist on the system. However, co.uk is actually blocked as a valid approval address by our system. In-addr.arpa was not blocked. Here's a status update: 1) We identified 3000 certificates where the scope was changed by validation staff based on a WHOIS document.

Re: T-Systems invalid SANs

2019-03-04 Thread Ryan Sleevi via dev-security-policy
On Mon, Mar 4, 2019 at 11:46 AM Pedro Fuentes via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Monday, March 4, 2019, 12:37:43 (UTC+1), arnold...@t-systems.com > wrote: > > The incident report can be found here, > https://bugzilla.mozilla.org/show_bug.cgi?id=1530

Re: DarkMatter Concerns

2019-03-04 Thread Matthew Hardeman via dev-security-policy
My perspective is that of an end user and also that of a software developer involved in a non-web-browser space in which various devices and manufacturers generally defer to the Mozilla root program's trust store. As such, I'm quite certain that my opinions don't -- and should not -- have the weigh

Re: T-Systems invalid SANs

2019-03-04 Thread Pedro Fuentes via dev-security-policy
On Monday, March 4, 2019, 12:37:43 (UTC+1), arnold...@t-systems.com wrote: > The incident report can be found here, > https://bugzilla.mozilla.org/show_bug.cgi?id=1530718 Hello, related to this... Is there a policy about test certificates and CT logs? Sometimes it's required to do "ne

Re: DarkMatter Concerns

2019-03-04 Thread Wayne Thayer via dev-security-policy
On Mon, Mar 4, 2019 at 9:04 AM Matthew Hardeman via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Sun, Mar 3, 2019 at 6:13 PM Ryan Sleevi wrote: > > > > > It is not clear how this follows. As my previous messages tried to > > capture, the program is, and has always been

Re: DarkMatter Concerns

2019-03-04 Thread Ryan Sleevi via dev-security-policy
On Mon, Mar 4, 2019 at 11:03 AM Matthew Hardeman wrote: > > > On Sun, Mar 3, 2019 at 6:13 PM Ryan Sleevi wrote: > >> >> It is not clear how this follows. As my previous messages tried to >> capture, the program is, and has always been, inherently subjective and >> precisely designed to support d

Re: DarkMatter Concerns

2019-03-04 Thread Matthew Hardeman via dev-security-policy
On Sun, Mar 3, 2019 at 6:13 PM Ryan Sleevi wrote: > > It is not clear how this follows. As my previous messages tried to > capture, the program is, and has always been, inherently subjective and > precisely designed to support discretionary decisions. These do not seem to > inherently conflict wi

Re: DarkMatter Concerns

2019-03-04 Thread Wayne Thayer via dev-security-policy
On Mon, Mar 4, 2019 at 3:29 AM Buschart, Rufus via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Writing with my personal hat on: > > > > -Original Message- > > From: dev-security-policy > On Behalf Of Matthew Hardeman via dev-security-policy > > On Sun, Ma

Re: T-Systems invalid SANs

2019-03-04 Thread Arnold Essing via dev-security-policy
The incident report can be found here, https://bugzilla.mozilla.org/show_bug.cgi?id=1530718

AW: DarkMatter Concerns

2019-03-04 Thread Buschart, Rufus via dev-security-policy
Writing with my personal hat on: > -Original Message- > From: dev-security-policy On > Behalf Of Matthew Hardeman via dev-security-policy > On Sun, Mar 3, 2019 at 2:17 PM bxward85--- via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > Insane that this