Re: GRCA: Out-of-date CPS provided in CCADB

2020-05-14 Thread horn917--- via dev-security-policy
We have updated our CP and English website. Please see https://grca.nat.gov.tw/GRCAeng/index.html

Re: GoDaddy: Failure to revoke certificate with compromised key within 24 hours

2020-05-14 Thread Ryan Sleevi via dev-security-policy
Do you have a copy of the OCSP response? With such issues, we may need signed artifacts to demonstrate non-compliance. For example, it shows as revoked via both OCSP and CRL for me. On Thu, May 14, 2020 at 4:32 PM sandybar497--- via dev-security-policy wrote: > > On 7 May 2020 at 12:07:07 PM

ZLint 2.1.0-RC1 and announcement list

2020-05-14 Thread Zakir Durumeric via dev-security-policy
Hi all, Earlier this year, we began publishing semantically versioned ZLint releases based on several requests from CAs. Yesterday, we tagged 2.1.0-RC1 (https://github.com/zmap/zlint/releases/tag/v2.1.0-rc1), which includes the first batch of Mozilla Root Store Policy lints. We have created a

Re: Sectigo: Failure to revoke certificate with compromised key

2020-05-14 Thread sandybar497--- via dev-security-policy
On Wednesday, May 6, 2020 at 5:50:09 AM UTC+10, Ryan Sleevi wrote: > On Tue, May 5, 2020 at 12:35 PM sandybar497--- via dev-security-policy > wrote: > > > > I submitted a compromised key report to Sectigo [ssl_ab...@sectigo.com] on > > 1 May 2020 at 2:03pm UTC but Sectigo failed to revoke the

GoDaddy: Failure to revoke certificate with compromised key within 24 hours

2020-05-14 Thread sandybar497--- via dev-security-policy
On 7 May 2020 at 12:07:07 PM UTC I reported a certificate to GoDaddy at practi...@starfieldtech.com as having its private key compromised. I received the automated acknowledgement confirmation, however, as of 2020-05-09 03:39:36 UTC (well after 24 hours), OCSP still shows the certificate as

Re: AIA CA Issuer field pointing to PEM encoded certs

2020-05-14 Thread Nuno Ponte via dev-security-policy
Dear Hanno, Many thanks for the report. This has now been fixed for Multicert and an incident report was filed at Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1637093 Best regards, NP On Monday, 11 May 2020 at 17:09:08 UTC+1, Hanno Böck wrote: > Hi, > > As I

RE: 7.1.6.1 Reserved Certificate Policy Identifiers

2020-05-14 Thread Doug Beattie via dev-security-policy
Yes, I should have asked this on the CABF list, and you answered my question with the links below. Thanks! From: Ryan Sleevi Sent: Thursday, May 14, 2020 8:57 AM To: Doug Beattie Cc: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: 7.1.6.1 Reserved Certificate Policy Identifiers

Re: 7.1.6.1 Reserved Certificate Policy Identifiers

2020-05-14 Thread Ryan Sleevi via dev-security-policy
Did you mean to ask this on the CABF list? This is https://github.com/cabforum/documents/issues/179 which I was going to try to fix in https://github.com/sleevi/cabforum-docs/pull/12 (aka “spring” cleanup that is seeking endorsers) The discussion thread is

7.1.6.1 Reserved Certificate Policy Identifiers

2020-05-14 Thread Doug Beattie via dev-security-policy
I have a question about section 7.1.6.1. It says: This section describes the content requirements for the Root CA, Subordinate CA, and Subscriber Certificates, as they relate to the identification of Certificate Policy. For Subscriber certificates I totally understand and agree with section