Hi all,
We were alerted to the fact that EJBCA does not calculate certificate and OCSP
validities in accordance with RFC 5280, which has been a requirement since BR
1.7.1 The word "inclusive" was not caught, meaning that a certificate/response
issued by EJBCA will have a validity of one second
To be clear, the change came as a result of following the cabf mailing
lists, and was released as soon as it could be fit into our pipeline. All
customers were informed through our release mailing list.
Cheers
Mike Agrenius Kushner
Product Owner, EJBCA
On Fri, 18 Sep 2020 at 13:35, Arvid
On Monday, May 13, 2019 at 1:39:32 AM UTC+2, Matt Palmer wrote:
> On Sat, May 11, 2019 at 08:37:53AM -0700, Han Yuwei via dev-security-policy
> wrote:
> > This raised a question:
> > How can CA prove they have done CAA checks or not at the time of issue?
>
> They can't, just as they can't
On Thursday, March 14, 2019 at 11:54:52 PM UTC+1, James Burton wrote:
> Let's Encrypt CA software 'Boulder' is open source for everyone to browse
> and check for issues. All other CAs should follow the Let's Encrypt lead
> and open source their own CA software for everyone to browse and check for
> I think when it comes to specifications with cryptographic relevance (as
> unpredictable serials are), less is more; the more inflexible and
> unambiguous the spec is, the less likely it will be "creatively
> interpreted" in a manner that bypasses the whole point. To someone with
> crypto
Hi Jakob,
On Thursday, March 7, 2019 at 7:30:03 PM UTC+1, Jakob Bohm wrote:
> In the cause of the other discussion it was revealed that EJBCA by PrimeKey
> has apparently:
>
> 1. Made serial numbers with 63 bits of entropy the default. Which is
> not in compliance with the BRs for globally
Hi,
Since EJBCA as a product was mentioned we thought we could chime in with some
background and updates.
EJBCA was possible the first (certainly one of the first) CA products to use
random serial numbers. From the very beginning, 64 bit random serial numbers,
from a CSPRNG, were used. This
7 matches
Mail list logo