For 0% of impact the FPs do not matter that much, so agreed!
Of course for now reality is not that... yet!
https://github.com/certbot/certbot/issues/1028 seems so appropriate :)
PS I was definitely not advocating for 5% false negative, no; we must
strive for 0% false negatives as well; all I
On Tue, 10 Mar 2020 at 22:19, Ryan Sleevi wrote:
>
>
> On Tue, Mar 10, 2020 at 4:25 PM bif via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> Matt,
>>
>> Voluntarily providing CSR is not an ideal way to prove key compromise,
>> because you could've simply found this
On Wed, Mar 13, 2019 at 5:52 AM Ryan Sleevi wrote:
>
>
> On Tue, Mar 12, 2019 at 11:18 PM bif via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> FWIW, the easiest would've been to remove "positive" aspect of serials.
>> Who really cares? A random number is a random
On Mon, Feb 12, 2018 at 5:36 PM, Kai Engert wrote:
> > For example, if you note, there are two Google certificates, but they
> > share the same SPKI and Subject Name - which is why the Chromium
> > whitelist only has one certificate listed, as it extracts the SPKI from
> > that
4 matches
Mail list logo