On Fri, 10 May 2019 02:05:17 +
Jeremy Rowley via dev-security-policy
wrote:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1550645
>
> Anyway, let me know what questions, comments, etc you have.
Thanks Jeremy,
If DigiCert is able to retrospectively achieve confidence that issuance
would ha
Hi Alex,
Thank you for reporting this issue. The certificate has been revoked. We will provide an incident report after the internal investigation is finished.
Kind regards,
Cristian Garabet
CISO
Sent from my Samsung Galaxy smartphone.
__
Inspired by Nick Lamb's comment a week or so ago on m.d.s.p about "Default
City" being an OpenSSL default value in CSRs, I ran some more searches on
the OpenSSL defaults and found almost 100 certificates with a
stateOrProvinceName of "Some-State". BR section 7.1.4.2.2(f) requires this
field to be v
This raised a question:
How can CA prove they have done CAA checks or not at the time of issue?
在 2019年5月10日星期五 UTC+8上午10:05:36,Jeremy Rowley写道:
> FYI, we posted this today:
>
>
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1550645
>
>
>
> Basically we discovered an issue with our CAA
Thanks for that. So now I should send another email to rev...@digicert.com or
just wait for revocation? And who should I contact if this address doesn't work?
在 2019年5月10日星期五 UTC+8上午8:26:09,Jeremy Rowley写道:
> No argument from me there. We generally act on them no matter what.
> Typically any email
On Friday, 10 May 2019 19:00:11 UTC+2, Wayne Thayer wrote:
...
> I share the concern that option #2 sends a confusing message. As Jonathan
> stated, why should we distrust a CA for all but the most important websites
> they secure?
I'd say that both "too big to fail" and "too important to fail
6 matches
Mail list logo