Unless additional feedback is posted, I will include this change as
originally proposed in version 2.7 of our policy.
- Wayne
On Fri, Mar 29, 2019 at 11:23 AM Wayne Thayer wrote:
> On Fri, Mar 29, 2019 at 4:32 AM Jakob Bohm via dev-security-policy <
> dev-security-policy@lists.mozilla.org>
I will include this change in policy version 2.7.
- Wayne
On Wed, Mar 27, 2019 at 8:04 PM Ryan Sleevi wrote:
> I'm not sure whether it's necessary to indicate support, but since silence
> can sometimes be ambiguously interpreted: I support these changes and
> believe they achieve the
Ryan - Again, thank you for the feedback, and please forgive me for the
delayed response. I've attempted to address your concerns on the wiki page
(since this isn't official policy, I'm editing the live document):
A possibility. They could have pasted something in the root chain. Note that
the required handshake would have caught that if it'd been implemented. Overall
it doesn't matter too much if it was malicious or innocent, the cert holder can't
do anything without the private key.
-Original
All,
I posted the following to the Mozilla Security Blog to explain what the
CCADB is and why it is important.
https://blog.mozilla.org/security/2019/04/15/common-ca-database-ccadb/
Kathleen
According to Jeremy (see below), that was not the situation.
On 15/04/2019 14:09, Man Ho wrote:
I don't think that it's trivial for a less-skilled user to obtain the CSR
of "DigiCert Global Root G2" certificate and post it in the request
of another certificate, right?
On 15-Apr-19 6:57 PM,
I don't think that it's trivial for a less-skilled user to obtain the CSR
of "DigiCert Global Root G2" certificate and post it in the request
of another certificate, right?
On 15-Apr-19 6:57 PM, Jakob Bohm via dev-security-policy wrote:
> Thanks for the explanation.
>
> Is it possible that a
Thanks for the explanation.
Is it possible that a significant percentage of less-skilled users
simply pasted in the wrong certificates by mistake, then wondered why
their new certificates never worked?
Pasting in the wrong certificate from an installed certificate chain or
semi-related support