Incident report DFN-PKI: 40 OV certificates with wrong ST

2019-03-12 Thread Jürgen Brauckmann via dev-security-policy
From 2018-10-17 to 2019-03-06, DFN-PKI issued 40 certificates with wrong ST-Field. 35 server certificates, 5 user certificates. Details can be found here: https://bugzilla.mozilla.org/show_bug.cgi?id=1534580 Thanks, Jürgen

Incident Report DFN-PKI: Non-IDNA2003 encoded international domain names

2019-01-23 Thread Jürgen Brauckmann via dev-security-policy
We received a report about non-idna2003 encoded international domain names. 4 certificates were affected and are revoked by now. Details can be found here: https://bugzilla.mozilla.org/show_bug.cgi?id=1522080 Please also take note of the ongoing discussion regarding this topic in the CA/B

Re: question about DNS CAA and S/MIME certificates

2018-05-15 Thread Jürgen Brauckmann via dev-security-policy
On 15.05.2018 at 15:01, Ryan Sleevi wrote: On Tue, May 15, 2018 at 3:53 AM Jürgen Brauckmann <brauckm...@dfn-cert.de> wrote: Today, site operators have taken steps to secure issuance of server certificates, following the guidance of the BRs. Email certificates are a different us

Re: question about DNS CAA and S/MIME certificates

2018-05-15 Thread Jürgen Brauckmann via dev-security-policy
Ryan Sleevi via dev-security-policy wrote on 14.05.2018 20:52: And that still moves to an 'insecure-by-default', by making every site operator that has taken steps to actually restrict issuance not have those wishes respected. Today, site operators have taken steps to secure issuance of server

Re: Policy 2.6 Proposal: Add prohibition on CA key generation to policy

2018-04-10 Thread Jürgen Brauckmann via dev-security-policy
On 10.04.2018 at 01:10, Wayne Thayer via dev-security-policy wrote: Getting back to the earlier question about email certificates, I am now of the opinion that we should limit the scope of this policy update to TLS certificates. The current language for email certificates isn't clear and any

Re: GoDaddy Misissuance Action Items

2017-02-13 Thread Jürgen Brauckmann via dev-security-policy
Gervase Markham via dev-security-policy wrote: > 1) As with all CAs, update all their domain validation code to use one > of the 10 approved methods; I'm probably confused regarding BRs pre/post Ballot 181: Aren't there only 4 methods per Ballot 181? Jürgen

Re: SHA256 for OCSP response issuer hashing

2016-12-16 Thread Jürgen Brauckmann
Hanno Böck wrote: > I believe the potential problem is a different one: Systems that accept > SHA256 on certificate signatures, but not on OCSP responses. I don't > know if such systems exist, but if I had to make a bet I'd say they do. Roland does not talk about signature algorithms. He is

Re: Private PKIs, Re: Proposed limited exception to SHA-1 issuance

2016-02-29 Thread Jürgen Brauckmann
Peter Gutmann wrote: Jürgen Brauckmann <brauckm...@dfn-cert.de> writes: http://www.howtogeek.com/198811/ask-htg-whats-the-deal-with-androids-persistent-network-may-be-monitored-warning/ Ugh, yuck! So on the one hand we have numerous research papers showing that Android apps that b

Re: Remove Roots used for only Email and CodeSigning?

2015-09-08 Thread Jürgen Brauckmann
Ryan Sleevi wrote: I fear that others using the store for S/MIME or code-signing would think the same as you. The reality is that this is not the case, which is why it's all the more reason to make an informed decision. As it stands, you could do each of those things I explicitly mentioned

Re: FOITT does no longer support OCSP

2015-02-06 Thread Jürgen Brauckmann
One affected host: https://www.bit.admin.ch Its cert contains an OCSP-AIA http://www.pki.admin.ch/aia/ocsp, which currently gives an HTTP 503. Juergen Rob Stradling wrote: On 06/02/15 15:00, Richard Barnes wrote: Does the FOITT cert chain up to one of the roots in the Mozilla program?

Re: Client certs

2014-09-26 Thread Jürgen Brauckmann
Gervase Markham wrote: A question which occurred to me, and I thought I'd put before an audience of the wise: * What advantages, if any, do client certs have over number-sequence widgets such as e.g. the HSBC Secure Key, used with SSL?

Cloudflare heartbleed challenge, Re: Revocation Policy

2014-04-12 Thread Jürgen Brauckmann
On 10.04.2014 at 21:34, Erwann Abalea wrote: FWIW, I'm pretty confident that my private key hasn't been compromised, even if my personal server was Heartbleed-enabled. So far, private key leaks have been demonstrated on FreeBSD systems, not on Linux. And only when the first request after the