Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-23 Thread Tom Ritter via dev-security-policy
On Fri, 23 Aug 2019 at 22:53, Daniel Marschall via dev-security-policy wrote: > > On Friday, 23 August 2019 00:50:35 UTC+2, Ronald Crane wrote: > > On 8/22/2019 1:43 PM, kirkhalloregon--- via dev-security-policy wrote: > > > > Whatever the merits of EV (and perhaps there are some -- I'm not > >

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-23 Thread Peter Bowen via dev-security-policy
On Thu, Aug 22, 2019 at 1:44 PM kirkhalloregon--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Some have responded there is no research saying EV sites have > significantly less phishing (and are therefore safer) than DV sites – Tim > has listed two studies that say ex

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-23 Thread Ronald Crane via dev-security-policy
On 8/23/2019 3:53 PM, Daniel Marschall via dev-security-policy wrote: On Friday, 23 August 2019 00:50:35 UTC+2, Ronald Crane wrote: On 8/22/2019 1:43 PM, kirkhalloregon--- via dev-security-policy wrote: Whatever the merits of EV (and perhaps there are some -- I'm not convinced either way) th

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-23 Thread Daniel Marschall via dev-security-policy
On Friday, 23 August 2019 00:50:35 UTC+2, Ronald Crane wrote: > On 8/22/2019 1:43 PM, kirkhalloregon--- via dev-security-policy wrote: > > Whatever the merits of EV (and perhaps there are some -- I'm not > convinced either way) this data is negligible evidence of them. A DV > cert is sufficie

Re: Jurisdiction of incorporation validation issue

2019-08-23 Thread Jakob Bohm via dev-security-policy
[Please note that the way MS Outlook marks quoted text doesn't work well with Mozilla mail programs]. On 23/08/2019 22:37, Jeremy Rowley wrote: >> 1. I believe the BRs and/or underlying technical standards are very >> clear if the ST field should be a full name ("California") or an >> abb

Re: Jurisdiction of incorporation validation issue

2019-08-23 Thread Ryan Sleevi via dev-security-policy
On Fri, Aug 23, 2019 at 4:37 PM Jeremy Rowley via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > >> 1. I believe the BRs and/or underlying technical standards are very >clear if the ST field should be a full name ("California") or an >abbreviation ("CA"). > > This is

Re: Jurisdiction of incorporation validation issue

2019-08-23 Thread Ryan Sleevi via dev-security-policy
On Fri, Aug 23, 2019 at 4:18 PM Jeremy Rowley wrote: > > I can think of some incremental steps here: > > > - Disclosing exact detailed procedures via CP/CPS > > > > Maybe an addendum to the CPS. Or RPS. I’ll experiment and post something > to see what the community thinks. > Yup. I've seen plent

RE: Jurisdiction of incorporation validation issue

2019-08-23 Thread Jeremy Rowley via dev-security-policy
>> 1. I believe the BRs and/or underlying technical standards are very clear if the ST field should be a full name ("California") or an abbreviation ("CA"). This is only true of the EV guidelines and only for Jurisdiction of Incorporation. There is no formatting requirement for place of bu

RE: Jurisdiction of incorporation validation issue

2019-08-23 Thread Jeremy Rowley via dev-security-policy
>> I'm a little nervous about encouraging wide use of OCR. You may recall at >> least one CA was bit by an issue in which their OCR system misidentified >> letters - https://bugzilla.mozilla.org/show_bug.cgi?id=1311713 >> That's why I was keen to suggest technical solutions which would verify

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-23 Thread sslcorp.team--- via dev-security-policy
> > Correlation does not imply causation. > > There are studies that show phishing sites tend not to be EV - yes. > That's a correlation. > > If we studied phishing sites and domain name registration fees I'm > sure we'd find a correlation there too - I'd bet the .cfd TLD (which > apparently cos

Re: Jurisdiction of incorporation validation issue

2019-08-23 Thread Ryan Sleevi via dev-security-policy
On Fri, Aug 23, 2019 at 2:00 PM Jeremy Rowley wrote: > > >- Could you highlight a bit more your proposal here? My understanding >is that, despite the Handelsregister ("Commercial Register") being >available at a country level, it's further subdivided into a list of >county or reg

RE: Jurisdiction of incorporation validation issue

2019-08-23 Thread Jeremy Rowley via dev-security-policy
* Could you highlight a bit more your proposal here? My understanding is that, despite the Handelsregister ("Commercial Register") being available at a country level, it's further subdivided into a list of county or region - e.g. the Amtsgericht Herne ("Local Court Herne"). * It sou

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-23 Thread Ronald Crane via dev-security-policy
On 8/23/2019 6:41 AM, Tom Ritter via dev-security-policy wrote: On Fri, 23 Aug 2019 at 05:00, Leo Grove via dev-security-policy wrote: On Thursday, August 22, 2019 at 5:50:35 PM UTC-5, Ronald Crane wrote: On 8/22/2019 1:43 PM, kirkhalloregon--- via dev-security-policy wrote: I can tell you

Re: Jurisdiction of incorporation validation issue

2019-08-23 Thread Jakob Bohm via dev-security-policy
On 23/08/2019 04:29, Jeremy Rowley wrote: I posted this tonight: https://bugzilla.mozilla.org/show_bug.cgi?id=1576013. It's sort of an extension of the "some-state" issue, but with the incorporation information of an EV cert. The tl;dr of the bug is that sometimes the information isn't perfect

Re: Jurisdiction of incorporation validation issue

2019-08-23 Thread Ryan Sleevi via dev-security-policy
On Thu, Aug 22, 2019 at 10:29 PM Jeremy Rowley via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > I posted this tonight: > https://bugzilla.mozilla.org/show_bug.cgi?id=1576013. It's sort of an > extension of the "some-state" issue, but with the incorporation information > of

Re: Auditor letters and incident reports

2019-08-23 Thread clemens.wanko--- via dev-security-policy
Dear all, just a short note on that with regard to auditing and Audit Attestations based upon ETSI: throughout the audit we check the incidents of the current audit period as documented by the CA (have they been addressed at a sufficient level, have the measures taken proven that they are suffi

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-23 Thread Tom Ritter via dev-security-policy
On Fri, 23 Aug 2019 at 05:00, Leo Grove via dev-security-policy wrote: > > On Thursday, August 22, 2019 at 5:50:35 PM UTC-5, Ronald Crane wrote: > > On 8/22/2019 1:43 PM, kirkhalloregon--- via dev-security-policy wrote: > > > I can tell you that anti-phishing services and browser phishing filters