This blog post is very vague, one can understood from it that Microsoft will
not trust any new certificates from these two CAs:
"Microsoft will begin the natural deprecation of WoSign and StartCom
certificates by setting a “NotBefore” date ... Windows 10 will not trust any
new certificates
On Monday, August 7, 2017 at 11:03:27 PM UTC+3, Jakob Bohm wrote:
> 7. At Quihoo: Actually get rid of Richard Wang, not just change his
>title from CEO to COO.
I didn't map the new hierarchy of the "Spanish" StartCom CA ("StartCom CA Spain
Sociedad Limitada"), having trouble registering to
Trust is something you *gain*.
I want to believe the internet has come a long way from PGP signing parties.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
On Monday, July 10, 2017 at 9:00:04 AM UTC+3, Richard Wang wrote:
> " 5. Provide auditor[3] attestation that a full security audit of the CA’s
> issuing infrastructure has been successfully completed. "
> " [3] The auditor must be an external company, and approved by Mozilla. "
What is the
Mr. Wang is mentioned on the end of the document, what is Richard Wang current
official responsibility of Mr. Wang at WoSign?
According to the incident report, release on October 2016 [1], Mr. Wang was
suppose to be relieved of his duties as CEO, this is mentioned in 3 separate
paragraphs
On Thursday, April 20, 2017 at 4:03:36 PM UTC+3, Gervase Markham wrote:
> Mozilla also doesn't believe that it's the job of CAs to police phishing
CAs should police as long as the browser gives positive reinforcement to the
end-users when they access a [phishing] site.
There were suggestions in
On Tuesday, February 28, 2017 at 6:00:47 PM UTC+2, Nick Lamb wrote:
> This is useful independent evidence that (at least some of) the names did
> exist at one time.
The problem is that they're "re-keying" certificates for domains that are no
longer in control of their subscribers (as Andrew
On Tuesday, February 28, 2017 at 1:38:25 PM UTC+2, Gervase Markham wrote:
> I think that without more evidence we must assume that GlobalSign
> validated this domain correctly at a time when it existed.
There are many more test*.* domains, non of those (about 10) I checked exist. I
will compose
I talked with Ofer from Incapsula, he said the domain exist at some point;
Someone have access to domain tools or other tool to verify this matter? Based
on domaintools I can say the domain did exist but I can't tell when it cease to
exist.
This practice seem to go back to Apr 2014.
Link: https://crt.sh/?dNSName=testslsslfeb20.me
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
On Wednesday, January 11, 2017 at 5:03:08 AM UTC+2, Wayne Thayer wrote:
> ... and will also be logged to the Google Pilot CT log.
Why not posting _ALL_ certificates issues via that method to CT log?
___
dev-security-policy mailing list
On Sunday, November 6, 2016 at 12:11:43 AM UTC+2, Ryan Sleevi wrote:
> Can you tell me where that clause indicates that they should use the Alexa
> Top 1 million to consider a request "High Risk"?
It doesn't, "High risk" is left for the CA's interpretation. But after the fact
you can say that
On Friday, November 4, 2016 at 12:18:40 PM UTC+2, Gervase Markham wrote:
> ... But because WoSign had done the appropriate domain control checks,
> we did not consider this a mistake by WoSign.
(to my understanding) They did violate a "SHALL" guideline:
"The CA SHALL develop, maintain, and
On Wednesday, November 2, 2016 at 5:22:30 PM UTC+2, Gervase Markham wrote:
> Hi Daniel,
>
> On 02/11/16 14:11, Itzhak Daniel wrote:
> As far as the DigiCert certs go, it is far too early to have an opinion
> on what Mozilla is or isn't doing.
I have to agree, the time span is too
Interesting that Comodo and DigiCert are getting a different treatment, I
wonder if WoSign/StartCom had ignored Mozilla Security Community at some
degree, the same way Comodo and DigiCert are doing, would it saved them.
(I don't know if there are chatters in the back, maybe I missed something
15 matches
Mail list logo