Re: Public trust of VISA's CA

On Wednesday, February 14, 2018 at 8:43:19 AM UTC-8, Wayne Thayer wrote: > In this particular case, my conclusion is that the existing Mozilla > process is working. We have documented a number of issues that when > considered in aggregate warrant an investigation. Hi Wayne, Forgive me if I'm

Re: Discovering unlogged certificates in internet-wide scans

Hi Stephen, Thank you for the correction; I regret the error. On Tue, Apr 10, 2018 at 8:12 AM Stephen Davidson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > These certificates are compliant with the BR and contain the required > extKeyUsage values for both

Re: Discovering unlogged certificates in internet-wide scans

On Sat, Mar 31, 2018 at 6:28 PM, Michael Casadevall via dev-security-policy wrote: > Pretty interesting read, and always happy to see more information go > into CT. One thing I couldn't divine from your data was how did you look > for non-HTTPS services? Did

Discovering unlogged certificates in internet-wide scans

Hi MDSP, I went looking for corpuses of certificates that may not have been previously logged to CT and found some in the Rapid7 "More SSL" dataset, which captures certificates from their scans of non-HTTPS ports for TLS-speaking services. I wrote up some findings at

Re: Discovering unlogged certificates in internet-wide scans

On Sat, Mar 31, 2018 at 3:26 PM, Kurt Roeckx wrote: > Have you done the for their other scans? I haven't. The Rapid7 HTTPS corpus is much larger; I'm not sure my approach will scale that far and I imagine the new discovery rate will be lower. Censys has been interested in