Yes, I know what happened but it´s not what the document says. Unless there´s
another document, it seems to me that you haven´t acted according to what this
page says. If I understand correctly, a should is a conditional and then it´s
not a requirement. Furthermore there´s no indication on the
Gerv,
I see many "should" in this link. Basically those indicating "should notify
Mozilla" and "should follow the physical relocation section". But in
physical relocation and personnel changes sections it seems to me there´s a
contradiction because there are some must. Can you explain the
Hi, this is my reply in the bugzilla
Hi all,
what Franck is saying is true and we haven´t started to issue any cert using
this new path.
Regarding the info that is in this bug I´m really shocked because the
majority of them are revoked and I don´t understand why they have been included
here.
For
igel.email]
Sent: Thursday, 3 August 2017 13:07
To: Inigo Barreira <in...@startcomca.com>; Franck Leroy
<fr.le...@gmail.com>; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: StartCom cross-signs disclosed by Certinomis
On 03/08/2017 10:47, Inigo Barreira via dev-security-p
[mailto:jonat...@titanous.com]
Sent: Thursday, 3 August 2017 16:52
To: Inigo Barreira <in...@startcomca.com>
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: StartCom cross-signs disclosed by Certinomis
> On Aug 3, 2017, at 04:47, Inigo Barreira via dev-security-policy
> &
Thanks for this info. These Startcom certs were issued from the old system.
We´ll contact the users and act accordingly.
Best regards
Iñigo Barreira
CEO
StartCom CA Limited
-Original Message-
From: dev-security-policy
No problem at all. I thought that while distrusted there was no need to follow or
update the CCADB. Will do asap.
Best regards
Iñigo Barreira
CEO
StartCom CA Limited
-Original Message-
From: Rob Stradling [mailto:rob.stradl...@comodo.com]
Sent: Thursday, 27 April 2017 13:08
To: Inigo
Good to know that our new certs are there :-)
Regarding StartCom, these are the new certs we´ve generated and will be used
to apply for inclusion in the Mozilla root program. Nothing to disclose at
the moment I guess. We´ve not been audited yet nor applied.
Best regards
Iñigo Barreira
CEO
>
> In this larger light, it would also seem that StartCom, having misissued a
number of certificates already under their new hierarchy, which present a
risk to Mozilla users (revocation is neither an excuse nor a mitigation for
misissuance), should be required to take corrective steps and
Hi Percy,
StartCom Spain has existed since September last year. And it was included in the
remediation plan set in October last year, but at the time Gerv wrote that
email it didn´t exist officially, it took a while to be registered
officially in the "equivalent" Spanish companies house.
The process
Hi,
1.- yes, I said many times that it was not a good decision and of course not
the best way to start, but at all times these test certs were under control,
lived only for some minutes. Everything was explained in bugzilla #1369359
2.- Those pre-certificates were related to these test
Hi,
In the remediation plan that was published in October there was a chart in
which was indicated how the group was going to change, from WoSign management
to be under 360 management. I can provide the information again if you wish.
StartCom Spain is 100% owned by Startcom UK, which is also 100%
Can this be responded to more directly and comprehensively please?
Are there any staff or personnel being shared between WoSign and Startcom?
No
This includes any staff from (or paid by) Qihoo 360 its subsidiaries,
contractors, or affiliates--does anyone do any work (paid or unpaid) for both
Yes, thank you for letting us know.
Best regards
Iñigo Barreira
CEO
StartCom CA Limited
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+inigo=startcomca@lists.mozilla.org] On
Behalf Of Lewis Resmond via dev-security-policy
Sent: miércoles, 3 de
Yes, I wanted to know if a regular user can use its Gmail account to get an
s/mime cert but that can´t be issued because the CA can´t validate the
domain properly because it´s not his or authorized to use it when doing the
3.2.2.4
Best regards
Iñigo Barreira
CEO
StartCom CA Limited
Hi all,
There´s been a misunderstanding internally when requested to create some "test"
certificates as indicated in the Microsoft root program requirements as stated
in 4b "Test URLs for each root, or a URL of a publicly accessible server that
Microsoft can use to verify the certificates."
Hi all,
Firstly I´d like to apologize for not having answered before and for
posting an initial response that was not correct, not accurate and not
related to what´s being discussed right now. It was my fault for not having
checked before with my team, which is in China and they are 6 hours
Hello all,
I also did it but it´s not reflected.
In my case it was also my fault because I was disclosing a different one.
Best regards
Iñigo Barreira
CEO
StartCom CA Limited
-Original Message-
From: dev-security-policy
I believe that's the 'best
practice' for sharing files here as it allows non-subscribers to access the
file via the Google Groups archive.
-Vincent
On Thu, Jun 1, 2017 at 6:40 AM Inigo Barreira via dev-security-policy
<dev-security-policy@lists.mozilla.org
<mailto:dev-security-policy@l
What about those for gmail, Hotmail, etc.? Are they out of scope?
Best regards
Iñigo Barreira
CEO
StartCom CA Limited
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+inigo=startcomca@lists.mozilla.org]
On Behalf Of Gervase Markham via dev-security-policy
> > >
> > > > Those tests were done to check the CT behaviour, there was any
> > > > other
> > > testing of the new systems, just for the CT. Those certs were under
> > > control all the time and were lived for some minutes because were
> > > revoked immediately after checking the certs were
>
> > Those tests were done to check the CT behaviour, there was any other
> testing of the new systems, just for the CT. Those certs were under control
> all
> the time and were lived for some minutes because were revoked immediately
> after checking the certs were logged correctly in the CTs.
> Hi Inigo,
>
> To add from the last post.
>
> I know this is unwelcome news to you but I feel that with all these incidents
> happening right now with Symantec and the incidents before, we can't really
> take any more chances. Every incident is eroding trust in this system and if
> we
> want
> > Yes, you´re right, that was on the table and also suggested by
> > Mozilla, but the issue was that people from 360 are used to code in
> > PHP and the old one was in Java and some other for which they are not
> > so familiar and then was decided to re-write all the code in PHP
> > trying to
>
> Hi Inigo,
>
> On 14/09/17 16:05, Inigo Barreira wrote:
> > Those tests were done to check the CT behaviour, there was any other
> testing of the new systems, just for the CT.
>
> Is there any reason those tests could not have been done using a parallel
> testing hierarchy (other than the
All,
Obviously this is not the message we would like to read and will try to explain
and rebate as much as possible some of the comments posted here.
>
> The Mozilla CA Certificates team has been considering what the appropriate
> next steps are for the inclusion request from the CA
> On 14/09/2017 17:05, Inigo Barreira wrote:
> > All,
> >
> > ...
> >>
> >> We should add the existing Certinomis cross-signs to OneCRL to revoke
> >> all the existing certificates. As of 10th August (now a month ago)
> >> StartCom said they have 5 outstanding SSL certs which are valid
> >> due
Hi Percy,
Yes, you´re right, that was on the table and also suggested by Mozilla, but
the issue was that people from 360 are used to code in PHP and the old one
was in Java and some other for which they are not so familiar and then was
decided to re-write all the code in PHP trying to keep the
Yes, there are similar ones everywhere, so I´m familiar with it :-)
And you´re right, I also make contributions in many other places, ETSI, ENISA,
CABF (used to), ... and not get paid for that, but it´s also true that the way
the distrust happened didn´t give us time or much time to act
>
> I want to give you some words from one of the "community side" (this is a
> personal opinion and may vary from other opinions inside the community).
>
> Trust is not something that you get, it is something that you earn.
True
> StartCom was distrusted because of serious issues with their
Has this been asked ever? Has any other CA published it? It´s just to know.
And, is there a "default" scope for this kind of security audits?
Best regards
Iñigo Barreira
CEO
StartCom CA Limited
> -Original Message-
> From: dev-security-policy [mailto:dev-security-policy-
>
[mailto:dev-security-policy-bounces+inigo=startcomca@lists.mozilla.org]
On Behalf Of Inigo Barreira via dev-security-policy
Sent: Monday, 4 September 2017 18:40
To: Andrew Ayer <a...@andrewayer.name>
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: RE: StartCom communication
Hi
Hi Gerv,
Those updates are referred basically to the format of the report in which
Franck asked to include specific information such as the serial number,
names, etc. according to your instructions. The report itself has not been
changed (that´s forbidden).
Regarding the qualifications or
Hi Quirin,
I was going to reply to your email after investigating what happened, but since
you´ve posted here, I can share it.
I think most of the CAs are struggling with the DNSSEC interpretation or how to
solve some of the issues.
In our case, I can tell the following:
The DNSSEC checking is
Thanks Quirin, we´re working with Primekey to know what happened (we´ll
generate a report once known) and will contact you if necessary to check
that info you have.
Regarding the logs, the log message actually means that CAA either
explicitly permitted the issuance, or implicitly permitted
Ok, let me investigate this further, maybe I didn´t catch it rightly.
For the record, the certificate was revoked
Best regards
Iñigo Barreira
CEO
StartCom CA Limited
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+inigo=startcomca@lists.mozilla.org]
rreira
CEO
StartCom CA Limited
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+inigo=startcomca@lists.mozilla.org]
On Behalf Of Inigo Barreira via dev-security-policy
Sent: Tuesday, 12 September 2017 12:44
To: Nick Lamb <tialara...@gma
Message-
From: Andrew Ayer [mailto:a...@andrewayer.name]
Sent: Monday, 4 September 2017 18:06
To: Inigo Barreira <in...@startcomca.com>
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: StartCom communication
On Mon, 4 Sep 2017 12:10:19 +
Inigo Barreira via dev-se
Hi all,
I´ve realized that there has not been a good communication path to announce
all the tasks and actions performed by StartCom during this time and this
email will try to remediate it. I´d also like to ask you for some feedback,
comments and/or suggestions on how to improve. I think we´ve
And checking this site, how can Comodo have more certs with errors (15030) than
certs issued (15020)?
Regards
From: dev-security-policy on
behalf of Adriano Santoni via dev-security-policy
Sent: Monday, October 01, 2018 10:09 PM
To: Rob Stradling;
40 matches