Is Trustico's storage of private keys related to this security report from a
few months back (which did not appear to ever have been fully investigated...)?
https://groups.google.com/d/msg/mozilla.dev.security.policy/CEww8w9q2zE/F_bzX1guCQAJ
Does Digicert have (or will it have) some sort of proc
I think Qihoo 360's role does open some questions.
In particular, why would Qihoo 360 shut down efforts by StartCom, run by a
relatively trusted member of the community, Inigo Barreira, to be accepted as a
CA; and instead favor WoTrus, run by Richard Wang, an explicitly UN-trusted
member of the
Why does the document say "Date: 11/07/17" on every page, and the signed PDF
metadata say
2017-09-25T17:14:35-04:00
2017-09-25T17:18:07-04:00
2017-09-25T17:18:07-04:00
On Tuesday, September 26, 2017 at 4:56:36 PM UTC-4, alejand...@gmail.com wrote:
> In the following link you can find the CPS in
Can this be responded to more directly and comprehensively please?
Are there any staff or personnel being shared between WoSign and StartCom?
This includes any staff from (or paid by) Qihoo 360, its subsidiaries,
contractors, or affiliates--does anyone do any work (paid or unpaid) for both
WoSign
Apparently, in at least one case, the certificate was issued directly(!) to
localhost by Symantec.
https://news.ycombinator.com/item?id=14598262
subject=/C=US/ST=Florida/L=Melbourne/O=AuthenTec/OU=Terms of use at
www.verisign.com/rpa (c)05/CN=localhost
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign
The link in footnote [1]
https://www.idmanagement.gov/IDM/servlet/fileField?entityId=ka0t000Gmi3AAC&field=File__Body__s
gives me a 404 error.
On Monday, May 15, 2017 at 11:09:41 AM UTC-4, Steve Medin wrote:
> Gerv,
>
> Our response to the recent questions is posted at:
> https://bugzilla.m
It's useful to note that Outlook 2007 leaves extended support on October 10.
(That deadline has been extended a few times, I believe, but this should be the
final date.)
https://support.microsoft.com/en-us/help/3198497/office-2007-approaching-end-of-extended-support
On Monday, May 15, 2017 at 9
Possibly this is irrelevant, but I have some concerns on how Symantec, it seems
to me, is willfully mischaracterizing their certificate compliance issues in
their prepared remarks to their investors yesterday.[1]
It makes it sound as if there are some generic certificate industry changes
that a
On Monday, May 8, 2017 at 7:21:46 AM UTC-4, okaphone.e...@gmail.com wrote:
> Hi Rick,
>
> I don't see a "May 4th post". Where was it posted? Not here it seems.
It's above--it links to
https://www.symantec.com/connect/blogs/symantec-ca-continues-public-dialogue
>
> Also it's reasonable that S
It may be necessary to expand that definition to intermediates that were
capable of issuing certificates within the past year (or longer).
On Monday, May 8, 2017 at 9:31:21 AM UTC-4, Alex Gaynor wrote:
> I'm not the best way to phrase this, so please forgive the bluntness, but I
> think it'd be a
Richard,
Did you communicate to your customers over the last 6 months that their
existing certificates may become distrusted? Or did they find out when their
sites stopped working in Chrome?
On Friday, April 28, 2017 at 4:19:01 AM UTC-4, Richard Wang wrote:
> Hi Ryan,
>
>
>
> For your quest
Is there an expectation of a resolution of some sort to this matter?
Also, their most recent audit is apparently overdue (perhaps related to the
SHA-1 mis-issuance?)
https://groups.google.com/d/msg/mozilla.dev.security.policy/IjgFwzGI_H0/-689uFoXBwAJ
On Thursday, March 16, 2017 at 7:00:51 AM UT
>Within a few days of discovering these issues they shut down their
>entire RA program. That seems pretty swift and comprehensive to me. The
>fact that they didn't discover these issues for years is clearly a
>problem, but it's not the same problem.
I don't believe that's a fair characterizat
I think page 8 of their manual at least partially explains how and what
"QuickInvite" is. The whole document is rather interesting...
https://www.geotrust.com/geocenter/resources/partnercenter-user-guide.pdf
On Saturday, April 1, 2017 at 6:01:23 AM UTC-4, Nick Lamb wrote:
> On Friday, 31 March 2
> and we don't think our brand is "tarnishing", we are working hard to try to
> regain the trust and confidence in this community.
Wasn't a prerequisite for that process your stepping down as CEO of WoSign?
On Thursday, March 30, 2017 at 9:49:25 PM UTC-4, Richard Wang wrote:
> To be transparen
For what it's worth, this is the latest post on Facebook from the researcher.
https://www.facebook.com/cbyrneiv/posts/10155129935452436
The private key storage issue sounds like a reseller tool, like
https://www.thesslstore.com/ssltools/csr-generator.php
and he found the private key was stored wit
https://www.bleepingcomputer.com/news/security/researcher-says-api-flaw-exposed-symantec-certificates-including-private-keys/
Does anyone have further information about this?
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
http
On Friday, February 17, 2017 at 10:19:06 PM UTC-5, Ryan Sleevi wrote:
> On Fri, Feb 17, 2017 at 5:17 PM, urijah--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > On Friday, February 17, 2017 at 7:50:31 PM UTC-5, uri...@gmail.com wrote:
> >
On Friday, February 17, 2017 at 7:50:31 PM UTC-5, uri...@gmail.com wrote:
> On Friday, February 17, 2017 at 7:23:54 PM UTC-5, Ryan Sleevi wrote:
> > I have confirmed with CPA
> > Canada that during the 2016 and 2017 periods, EY Brazil was not a
> > licensed WebTrust practitioner, as indicated at
On Friday, February 17, 2017 at 7:23:54 PM UTC-5, Ryan Sleevi wrote:
> I have confirmed with CPA
> Canada that during the 2016 and 2017 periods, EY Brazil was not a
> licensed WebTrust practitioner, as indicated at [4].
>
> [4]
> http://www.webtrust.org/licensed-webtrust-practitioners-internati