Re: GoDaddy: Failure to revoke key-compromised certificate within 24 hours

2020-03-10 Thread Piotr Kucharski via dev-security-policy
For 0% of impact the FPs do not matter that much, so agreed! Of course for now reality is not that... yet! https://github.com/certbot/certbot/issues/1028 seems so appropriate :) PS I was definitely not advocating for 5% false negative, no; we must strive for 0% false negatives as well; all I

Re: GoDaddy: Failure to revoke key-compromised certificate within 24 hours

2020-03-10 Thread Piotr Kucharski via dev-security-policy
On Tue, 10 Mar 2020 at 22:19, Ryan Sleevi wrote:
> On Tue, Mar 10, 2020 at 4:25 PM bif via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
>> Matt,
>>
>> Voluntarily providing CSR is not an ideal way to prove key compromise, because you could've simply found this

Re: A modest proposal for a better BR 7.1

2019-03-13 Thread Piotr Kucharski via dev-security-policy
On Wed, Mar 13, 2019 at 5:52 AM Ryan Sleevi wrote:
> On Tue, Mar 12, 2019 at 11:18 PM bif via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
>> FWIW, the easiest would've been to remove "positive" aspect of serials. Who really cares? A random number is a random

Re: Mozilla’s Plan for Symantec Roots

2018-02-12 Thread Piotr Kucharski via dev-security-policy
On Mon, Feb 12, 2018 at 5:36 PM, Kai Engert wrote:
>> For example, if you note, there are two Google certificates, but they share the same SPKI and Subject Name - which is why the Chromium whitelist only has one certificate listed, as it extracts the SPKI from that