-Original Message-
> From: dev-security-policy On
> Behalf Of Tomas Gustavsson via dev-security-policy
> Sent: Friday, October 4, 2019 1:45 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: OCSP responder support for SHA256 issuer identifier info
>
I was pointed to this interesting discussion. We were forced to support
requests with SHA256 in CertID back in 2014. Not for any relevant security
reasons, just because some stubborn auditors saw a red flag on the mentioning
of SHA-1.
We've implemented it by having both hashes in the lookup
On Friday, August 30, 2019 at 8:58:17 PM UTC+2, Ryan Sleevi wrote:
> On Fri, Aug 30, 2019 at 11:26 AM Jeremy Rowley via dev-security-policy <
> Despite all of the writing above, I'm too lazy to copy/paste my comment
> from the Let's Encrypt issue, but I would hope any CA contemplating things
>
fusing imo.
> ____
> From: dev-security-policy on
> behalf of Tomas Gustavsson via dev-security-policy
>
> Sent: Saturday, August 31, 2019 9:00:08 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
>
> Subject: Re: 2019.08.2
ntent to issue’ is fulfilled.
>
> Note that even if you argue that “revoked”, “invalid”, or “unknown” are
> appropriate, the RFC still permits “good” as a response because no
> certificates with that serial number are revoked. Good is the safe answer.
Was there not a plan in CABF on allowing una
Hi,
I find and hear a few non-conclusive, sometimes contradictory, messages about
OCSP responder handling of pre-certificates without final certificates. Reading
this thread I don't find a firm conclusion either (albeit I may have missed it).
I'm not saying anything others have not said before,
Hi,
It might have been found, but there's a good chance it would have been bypassed
anyhow. Since it was not a bug in the code, you would have had to analyze it
in the context of the discussions around b164, which I think there are probably
very few people who could/would. I may be wrong, and
Hi,
As others have already pointed out the subject in this thread is incorrect.
There are no, and have never been any, 63-bit serial numbers created by EJBCA.
As the specific topic has already been discussed, I just wanted to refer to
the post[1] with technical details, if anyone ends up