Pedro,
Thank you for reporting this issue.
On Tue, Mar 19, 2019 at 2:10 AM Pedro Fuentes via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> In light of the recent discussion related to serial number Entropy, at
> WISeKey we could verify that we were also affected by this
The BRs require EKUs in leaf TLS certs, but there is no equivalent
requirement for S/MIME certificates. This leads to confusion such as [1] in
which certificates that are not intended for TLS or S/MIME fall within the
scope of our policies.
Simply requiring EKUs in S/MIME certificates won't solve
On Thu, Mar 28, 2019 at 5:29 PM Ryan Sleevi wrote:
>
> On Thu, Mar 28, 2019 at 7:42 PM Wayne Thayer wrote:
>
>> On Thu, Mar 28, 2019 at 4:11 PM Ryan Sleevi wrote:
>>
>>> On Thu, Mar 28, 2019 at 6:45 PM Wayne Thayer via dev-security-policy <
>>> dev-security-policy@lists.mozilla.org> wrote:
>>>
On Fri, Mar 29, 2019 at 4:32 AM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 28/03/2019 21:52, Wayne Thayer wrote:
> > Our current Root Store policy assigns two different meanings to the term
> > "technically constrained":
> > * in sections 1.1 and 3.1,
Dear MDSP community,
We would like to share an update to our initial post-mortem of 03/13/2019
and our subsequent updates of 03/19/2019 and 03/22/2019
Following the discussions on MDSP Logius has determined that the following
G3 TSP CAs (Issuing CA certificates) are not compliant with BR 7.1
On 28/03/2019 21:52, Wayne Thayer wrote:
> Our current Root Store policy assigns two different meanings to the term
> "technically constrained":
> * in sections 1.1 and 3.1, it means 'limited by EKU'
> * in section 5.3 it means 'limited by EKU and name constraints'
>
> The BRs already define a
Hello,
related to this... I'd like to point out something that is bugging me...
Section 7.1.5 of the BR stipulates...
First paragraph: "For a Subordinate CA Certificate to be considered Technically
Constrained..."
Second paragraph: "If the Subordinate CA Certificate includes the
7 matches
Mail list logo