While sending a message that non-compliance could result in policy change
is generally a bad idea, I did notice something about the profile of the
non-compliant certificate which gave me pause:
None of the example certificates which were provided include a SAN
extension at all.
Today, no valid ce
Thank you for the incident report. I have created
https://bugzilla.mozilla.org/show_bug.cgi?id=1535873 to track this issue.
- Wayne
On Wed, Mar 13, 2019 at 1:35 PM Doug Beattie via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> When the serial number issue was first disclo
I think answers to the following questions might be helpful:
1. What software / types of software are being utilized which would give
compatibility issues? What is the validation logic of those applications /
systems?
2. If these certificates don't have a purpose known to or respected by the
W
Thank you for this incident report. I have created
https://bugzilla.mozilla.org/show_bug.cgi?id=1535871 to track this issue.
- Wayne
On Wed, Mar 13, 2019 at 9:56 AM Berge, J. van den (Jochem) - Logius via
dev-security-policy wrote:
> Hello MDSP,
>
> Logius PKIoverheid wants to report a potentia
In bug 1523221 [1], GRCA (Government of Taiwan) has responded to a
misissuance report by stating that the certificates in question are not
intended for serverAuth or emailProtection. However, our policy applies to
certificates **capable** of being used for serverAuth or emailProtection,
including t
Corey Bonnell via dev-security-policy
wrote:
> If I recall correctly, there was some discussion in late 2017 in the
> IETF LAMPS WG (the working group producing the successor to the
> current CAA RFC 6844)
Thanks for noting this. Sounds like that's the best group to continue
the discussion in.
Ryan - Thank you for the feedback.
On Fri, Mar 15, 2019 at 6:14 PM Ryan Sleevi wrote:
> While I realize the thinking is with regards to the recent serial number
> issue, a few questions emerge:
>
> 1) Based on the software vendor reporting, they don’t view this as a
> software defect, but a CA m
7 matches
Mail list logo