On Mon, 25 Mar 2019 22:16:27 +
Rob Stradling via dev-security-policy
wrote:
> Even better than that (and many thanks to Andrew Ayer for suggesting
> this idea)...
>
> To enable folks to do more thorough statistical analysis, I've
> produced another, richer summary table (named
>
Are you intending to revoke all of the end-user certificates issued from the
non-compliant certificates?
If not, then can you state why?
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
Hi
This is an incident report for two intermediate certificates issued by Buypass
in December 2016 noncompliant with BR 7.1.
===How your CA first became aware of the problem (e.g. via a problem report
submitted to your Problem Reporting Mechanism, a discussion in
Doug: You'll need to connect directly to the certwatch database using a
tool like psql:
psql -h crt.sh -p 5432 -U guest certwatch
Here's Rob's announcement of direct database access:
https://crt.sh/forum?place=msg%2Fcrtsh%2FsUmV0mBz8bQ%2FK-6Vymd_AAAJ
On Tue, Mar 26, 2019 at 11:34 AM Doug Beattie
Rob,
I'm sure you provided this info somewhere, but I can't figure out where the
new summary table (named serial_number_entropy_20190325) is located. Is it
somewhere on your Google Doc, or somewhere else?
https://docs.google.com/spreadsheets/d/1K96XkOFYaCIYOdUKokwTZfPWALWmDed7znjC
[Somehow the list got dropped on this when I did reply-all]
It would probably be a good idea to submit the keys to
https://pwnedkeys.com/submit.html as well, as a centralized way for CAs to
verify that the keys are in fact compromised. We received one of these reports
in the form of a
Melis: Thank you for this incident report. I have filed
https://bugzilla.mozilla.org/show_bug.cgi?id=1539190 and assigned it to you
to track this issue.
Will you please have one of your colleagues add you as a Kamu SM contact in
CCADB? That will allow me to confirm that you are representing Kamu
> The New York Times article that you reference does not add anything new to
> the misleading allegations previously published in the Reuters article. It
> simply repeats ad nauseam a false, and categorically denied, narrative about
> DarkMatter, under the guise of an investigative reporting
> > This is a great question!
> >
> > If the certificate is in scope of the BRs (i.e. the intermediate is either
> > I or III), then we know Subscriber certificates MUST have a Key Usage
> > (7.1.2.3(e) of the BRs).
> > From RFC 5280, Section 4.1.2.3, we know "When the keyUsage extension
> >