For EV certificate being useful in email, email client software should
give a special EV treatment to such certificate. I am not aware of any
email client software that support any special EV treatment at all. Do
you have more information to share with us?
-- Man Ho
On 13-Aug-19 5:12 PM, Kur
I could be wrong, but some browsers (IE/Chrome) seems to cache
downloaded PDF file and display the cache file if the filename is the
same. If it's true, end user may be actually reading an outdated PDF file.
- Man Ho
On 04-May-19 3:18 AM, Wayne Thayer via dev-security-policy wrote:
> A relative
I don't think that it's trivial for less-skilled user to obtain the CSR
of "DigiCert Global Root G2" certificate and posting it in the request
of another certificate, right?
On 15-Apr-19 6:57 PM, Jakob Bohm via dev-security-policy wrote:
> Thanks for the explanation.
>
> Is it possible that a s
r comments, you're welcome to bring it out. :)
On 17-Jan-19 10:25 AM, Man Ho via dev-security-policy wrote:
Thanks for all the comments. I'm preparing now to apply the relevant
changes from the "Pre-production" CPS in the current CPS to clarify
these concerns. Specifically,
I've just fill in the incident report [1],
https://bugzilla.mozilla.org/show_bug.cgi?id=1520299
On 16-Jan-19 5:30 AM, Wayne Thayer via dev-security-policy wrote:
There were no unresolved incidents, but I just created one to document the
misissued certificates that were revoked in August 20
Thanks for all the comments. I'm preparing now to apply the relevant
changes from the "Pre-production" CPS in the current CPS to clarify
these concerns. Specifically,
1. correct the description of revocation process to fix the suspension
and revocation issue.
2. make a statement in PREAMBLE th
On 15-Jan-19 12:31 PM, Ian Carroll via dev-security-policy wrote:
> from looking at [3] I think it should be a
> very negative mark against a CA to have to OneCRL one of their
> intermediates.
[3] was reported and discussed three years ago. When I look at it
positively today, it does remind me t
When the ballot said "... would result in a valid domain label", does it
mean that "... would result in a valid domain name of the applicant,
that has passed the same level of domain authorization (DV, OV, EV) check?
Secondly, is it necessary for CAs to state their practice of handling
undersco
8 matches
Mail list logo