=2081585376 has been revoked.
I will include all of these details in the incident report which is in
preparation.
Regards
Robin Alden
Sectigo Limited
> -Original Message-
> From: dev-security-policy
> On Behalf Of sandybar497--- via dev-security-policy
> Sent: 07 May 2020 03:27
>
s://bugzilla.mozilla.org/show_bug.cgi?id=1635840 and I will
follow up with an incident report in that bug.
Regards
Robin Alden
Sectigo
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
ctions concerning this certificate after it had been
initially revoked, e.g. re-revoking if misissuance or subscriber key compromise
were detected.
Regards
Robin Alden
Sectigo Limited
branding purposes, e.g. "issued through "
> > or "SomeBrand SSL".
> >
>
> That OU clearly doesn't have anything to do with the subject that
> was validated, so I also consider that a misissue.
>
[Robin Alden]
Kurt, Matthias,
We are aware
d-kp-OCSPSigning the only place we have observed them to require it is in the
Microsoft Certificate Authority software.
We have no reason to believe that their operating systems or browsers require
EKU chaining for id-kp-OCSPSigning in the web PKI.
Does anyone have any evidence to the contrary
Nick, Ángel,
Sectigo is not affected by this incident.
https://sectigo.com/blog/attention-journalists-and-researchers-dont-confuse-comodo-with-sectigo
Regards
Robin Alden
Sectigo Limited
> -Original Message-
> From: Nick Lamb via dev-security-policy
> Sent: 27 July 2
ity to use
comodo.com for this purpose.
We have always disclosed updates to our CAA domains to the CCADB promptly.
Regards
Robin Alden
Sectigo Limited
> -Original Message-
> From: dev-security-policy
> On Behalf Of Wayne Thayer via dev-security-policy
> Sent: 05 February 2019 15:58
I understand the OP's concern and will respond to the bug shortly.
Regards
Robin Alden
Comodo CA Ltd.
variants of the abuse email addresses which are still active and were
still receiving mail.
This was corrected and this certificate was revoked after checking the key.
Regards
Robin Alden
Comodo CA Ltd.
> -Original Message-
> From: Hanno Böck
> Sent: 08 August 2018 15:18
orm a fresh
BR compliance review to help ensure that no other misunderstandings of the BRs
persist.
We are grateful to Andrew Ayer for the problem report.
Regards
Robin Alden
CTO for SSL
Email: robin.al...@comodoca.com
ComodoCA.com
when we blocked .tg.
When we first got a heads-up about this we looked at the data and I said
that it looked to me like 25th October was the transition to chaos, since
that is when we issued the first of many gouv.tg certificates.
I hope that helps a little.
Regards
Robin Alden
Comodo CA Ltd
Peter,
As you noted in your post to the cryptography list, Francisco
Partners' website states that they exited from their investment in Blue
Coat.
https://www.franciscopartners.com/investments/blue-coat?sector=Comms-Securit
y=1200
Regards
Robin Alden
Comodo
> -Original Mess
s policies or procedures, or the secure locations from which we
operate our CA infrastructure.
The operational personnel in Comodo CA Limited will not change. The
certificate validation teams will remain unchanged.
Regards
Robin Alden & Rob Stradling
Comodo CA Ltd.
twork Security - Version 2.1"
http://www.webtrust.org/principles-and-criteria/item83666.pdf
Those criteria specifically call out 7.1.4.2.1 and the 1 October 2016 date.
Regards
Robin Alden
Comodo
> -Original Message-
> From: dev-security-policy [mailto:dev-security-policy-
> b
diligence.
Regards
Robin Alden
Comodo
> -Original Message-
> From: dev-security-policy On Behalf Of Nick Lamb
> Sent: 06 January 2017 09:52
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Compliance with 7.1.4.2.1 (internal names revocation)
>
>
hods-of-domain-control-validation-dcv
Regards
Robin Alden
Comodo
customer requested www.DOMAIN, because that was the case
in which we also added DOMAIN into the SAN.
No certificates were issued for *.[tld]
Regards
Robin Alden
Comodo
o their
policy regardless of whether the CA/B has ratified it by then.
Comodo will have implemented some or all of the new validation methods
described in Ballot 169 before 1 March 2017.
Comodo will be withdrawing any and all validation methods which do not
conform with Ballot 169, and/or which rely o
Gervase Markham, on 04 October 2016 07:10, said..
> Thank you for this report.
>
> On 27/09/16 02:07, Robin Alden wrote:
> > When we use an 'agreed-upon change to website' method to prove
> domain
> > control, we consider proof of control of 'www.' as also
> > provi
d it was
approved and published on 19th October.
I apologize for the tardy production and release of our report.
Referring to the release of our report rather than our internal response to
the report we received, there were too many fingers in this particular pie
and that made for a slow relea
estrictions on the use of that
information) are offered.
Robin Alden
Comodo CA Ltd.
[1] https://crt.sh/?id=47045653
[2] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.4.1.pdf
[3] http://www.heise.de/newsticker/meldung/Zertifikats-Klau-Fatale-Sehschwaeche-bei-Comodo-3354229.html
sm
.
That certificate (https://crt.sh/?id=34242572) was revoked yesterday morning.
We will issue a report tomorrow (26th September).
Regards
Robin Alden
Comodo
> -Original Message-
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+robin=comodo@lists.mozilla.org] On Behalf
Hi Nick,
Sorry for the slow reply.
> -Original Message-
> From: Nick Lamb
> Sent: 30 July 2016 00:04
> To: mozilla-dev-security-pol...@lists.mozilla.org
>
> Hi Robin,
>
> On Friday, 29 July 2016 18:54:56 UTC+1, Robin Alden wrote:
> >
Enterprise's policy in regard
to the approval of issuance of certificates for its domains being up to
scratch.
Regards
Robin Alden
Comodo
our policy
obligations.
Regards
Robin Alden
Comodo
This email has also been posted to pub...@cabforum.org
Peter said..
> While I realize that it is not clear cut in many contexts, RFC 5280 is
> rather clear cut. The authors clearly wanted to avoid stumbling and
> being eaten by a grue, so they wrote:
>
>When the subjectAltName extension contains a domain name system
>label, the domain name
not acquired a root from Comodo.
Regards
Robin Alden
Comodo
Peter Gutmann said..
I was using IT news stories as the source, e.g. IDG's 'Secure'
advertising
tool PrivDog compromises HTTPS security:
Instead, the problem was tracked down to another advertising-related
application called PrivDog, which was built with the involvement of
Comodo's
Peter Gutmann said..
Daniel Micay danielmi...@gmail.com writes:
CNNIC is known to have produced and distributed malware
for the purpose of mass surveillance and censorship.
TeliaSonera aided totalitarian governments, Comodo provided
the PrivDog MITM software, and that's just the first
@ 7.6%
administrator@ 7.5%
postmaster@ 4.5%
Regards
Robin Alden
Comodo
Robin said..
Of all email-based domain control validation we perform those email
addresses (on the same domain being applied for) are used as
follows:
admin@ 33.9%
hostmaster@ 7.8%
webmaster@ 7.6%
administrator@ 7.5%
postmaster@ 4.5%
to 'unsuspend'. You can't transition
back from 'revoked' to valid.
http://www.ietf.org/rfc/rfc5280.txt
3.3. Revocation
...
An entry MUST NOT be removed
from the CRL until it appears on one regularly scheduled CRL issued
beyond the revoked certificate's validity period.
Regards
Robin Alden
Hi Gerv,
I can send out a million client certificates for negligible
cost.
That is especially attractive cost-wise for an existing system that I
have to increase the security of (say over username and password), but
which has not been identified as needing 2 factor authentication.
The posts to this thread by Robin Alden (me), Moudrick Dadashov, and
Kyle Hamilton didn't make it to the Google Groups view.
This isn't a complaint so much as a heads-up, that the google groups
view of the list is broken and if you rely on the Google Groups view you
are missing out on parts
+1
Robin
-Original Message-
From: Jeremy Rowley [mailto:jeremy.row...@digicert.com]
Sent: 23 July 2014 16:05
To: 'Moudrick M. Dadashov'; 'Robin Alden'; 'Gervase Markham';
nick.l...@lugatech.com; mozilla-dev-security-pol...@lists.mozilla.org
Subject: RE: Proposal: Advocate to get