On 2017-12-09 at 08:59 -0700, Wayne Thayer wrote:
> It can be confusing even for people following these things. That's where I
> think collecting problem reporting info from audited sub-CAs in CCADB would
> help.
>
> For everyone else, finding the correct problem reporting information is
> mostly
On 12/09/2017 01:50 AM, Kurt Roeckx via dev-security-policy wrote:
> But it's not obvious to me who to contact to revoke a given
> certifiate, and it would be really useful that given a certificate
> it would be obvious what to do, who to contact, to get it revoked.
Could it be useful to establish
It can be confusing even for people following these things. That's where I
think collecting problem reporting info from audited sub-CAs in CCADB would
help.
For everyone else, finding the correct problem reporting information is
mostly a matter of luck. Perhaps we should require an email address
On Sat, Dec 9, 2017 at 7:50 AM, Nick Lamb via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Sat, 9 Dec 2017 09:51:59 +0100
> Hanno Böck via dev-security-policy
> wrote:
>
> > On Fri, 8 Dec 2017 16:43:48 -0700
> > Wayne Thayer via dev-security-policy
> > wrote:
> >
> >
On Sat, 9 Dec 2017 09:51:59 +0100
Hanno Böck via dev-security-policy
wrote:
> On Fri, 8 Dec 2017 16:43:48 -0700
> Wayne Thayer via dev-security-policy
> wrote:
>
> > The root CA is ultimately responsible for subordinate CAs it has
> > signed.
>
> I see a problem with that, as this is far f
On Fri, 8 Dec 2017 16:43:48 -0700
Wayne Thayer via dev-security-policy
wrote:
> The root CA is ultimately responsible for subordinate CAs it has
> signed.
I see a problem with that, as this is far from obvious.
If a random person discovers a problem with a certificate it seems
quite natural t
On Fri, Dec 08, 2017 at 11:55:46PM +0100, Hanno Böck via dev-security-policy
wrote:
> So I wonder: If a CA signs an intermediate - are they responsible
> making sure that reports brought to the subca are properly handled?
My first reaction would be if you sign it, you take
responsibility. That wo
On Fri, Dec 8, 2017 at 3:55 PM, Hanno Böck via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> So I wonder: If a CA signs an intermediate - are they responsible
> making sure that reports brought to the subca are properly handled?
>
> The root CA is ultimately responsible f
Hi,
I guess this is of interest to the members of this list:
https://www.golem.de/news/microsoft-dynamics-365-wildcard-certificate-with-a-private-key-for-everyone-1712-131544.html
https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648
tl;dr Microsoft
9 matches
Mail list logo