Re: Apple: Patch Management

2019-12-13 Thread Apple CA via dev-security-policy
On Monday, December 9, 2019 at 2:03:20 PM UTC-8, Matt Palmer wrote: > On Fri, Dec 06, 2019 at 07:08:46PM -0800, Apple CA via dev-security-policy > wrote: > > On Saturday, November 23, 2019 at 3:28:10 PM UTC-8, Matt Palmer wrote: > > > [aside: this is how incident reports

Re: Apple: Patch Management

2019-12-06 Thread Apple CA via dev-security-policy
On Monday, November 25, 2019 at 5:32:12 PM UTC-8, Apple CA wrote: > On Saturday, November 23, 2019 at 3:28:10 PM UTC-8, Matt Palmer wrote: > > [aside: this is how incident reports should be done, IMHO] > > > > On Fri, Nov 22, 2019 at 07:23:27PM -0800, Apple CA via dev-secur

Re: Apple: Patch Management

2019-11-25 Thread Apple CA via dev-security-policy
On Saturday, November 23, 2019 at 3:28:10 PM UTC-8, Matt Palmer wrote: > [aside: this is how incident reports should be done, IMHO] > > On Fri, Nov 22, 2019 at 07:23:27PM -0800, Apple CA via dev-security-policy > wrote: > > We did not have an accurate understanding of how

Apple: Patch Management

2019-11-22 Thread Apple CA via dev-security-policy
On November 22, Apple submitted an incident report: https://bugzilla.mozilla.org/show_bug.cgi?id=1598829, which is reposted below. Incident Report 1. How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in

Re: Apple OCSP responders return responses with incorrect issuer

2019-10-17 Thread Apple CA via dev-security-policy
On October 17, Apple submitted an incident report: https://bugzilla.mozilla.org/show_bug.cgi?id=1588001#c3, which is reposted below. Incident Report 1. How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in

Apple OCSP responders return responses with incorrect issuer

2019-10-10 Thread Apple CA via dev-security-policy
Apple has submitted this preliminary incident report: https://bugzilla.mozilla.org/show_bug.cgi?id=1588001, which is reposted below. On 03-October-2019 at 13:52 PT, we were notified via a problem report submitted to our Problem Reporting Mechanism that our OCSP responders were returning

Apple: Precertificates without corresponding certificates return OCSP value of "unknown"

2019-09-13 Thread Apple CA via dev-security-policy
We’ve been following the discussions regarding how OCSP responders should handle Precertificates without corresponding certificates and what the appropriate response indicator should be (good, revoked, or unknown). Based on the recent clarifications at [1], we want to inform the community that

Apple: Non-compliant Common Name Length

2019-06-05 Thread Apple CA via dev-security-policy
On June 4, Apple submitted an incident report: https://bugzilla.mozilla.org/show_bug.cgi?id=1556906, which is reposted below. ___ Incident Report 1. How your CA first became aware of the problem (e.g. via a