> 2017 assessment report
> LSTI didn't issue to Certinomis any "audit attestation" for the browsers in
> 2017. The document Wayne references is a "Conformity Assessment Report" for
> the eIDAS regulation.
I had a look at the 2017 report, and unless I misread, it implies conformity to
ETSI EN 31
On Thursday, May 2, 2019 at 1:11:20 AM UTC+2, Wayne Thayer wrote:
> Correct - 319 411 was (and still is) the Mozilla audit requirement.
>
> [1] https://bug937589.bmoattachments.org/attachment.cgi?id=8898169
Thanks for the clarification Wayne.
___
dev-se
> But does EN 319 401, as it existed in 2016/2017 incorporate a clause to
> apply all "future" updates to the CAB/F regulations or otherwise cover
> all BRs applicable to the 2016/2017 timespan?
Interesting question. Would it have to explicitly claim to incorporate any
future updates? Or would
On Tuesday, July 9, 2019 at 11:23:11 PM UTC+2, Matthew Hardeman wrote:
> Truly horrid organizations and/or individuals passively own all kinds of
> assets. A strong management team that can be trusted to keep commitments to
> sound the alarm if the organization goes off track is one way to addr
On Tuesday, July 9, 2019 at 11:46:05 PM UTC+2, Matthew Hardeman wrote:
> ownership: Francisco Partners. It is difficult for me to see the
> difference, objectively speaking.
agree, but I think Francisco partners was ... rubbing the wrong way, too; and I
think that issue was let go way too easily
> I've been wondering if CT is a good tool for things like safe
> browsing to monitor possible phishing sites and possibly detect
> them faster.
Are there general proposals yet on how to distinguish phishing vs legitimate
when it comes to domains? (like apple.com vs app1e.com vs mom'n'pop farmer'
> Not for those sorts of differences. There are in an IDN context:
> http://unicode.org/reports/tr39/
wasn't aware of that TS, thanks!
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-secur
Maybe I'm alone in this but, while entertaining, I'm taken aback a bit if this
is official Symantec communication in a forum like m.d.s.p.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-
On Wednesday, May 10, 2017 at 7:59:37 PM UTC+2, Itzhak Daniel wrote:
> The next step, if Symantec wish to continue to use their current PKI in the
> future, should be logging (ASAP) *all* of the certificates they issued to a
> CT log, then we'll know how deep is the rabbit hole.
already the case
9 matches
Mail list logo