On Wed, Feb 14, 2018 at 10:47 AM, Tim Smith via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Wednesday, February 14, 2018 at 8:43:19 AM UTC-8, Wayne Thayer wrote:
> > In this particular case, my conclusion is that the existing Mozilla
> > process is working. We have
On Wednesday, February 14, 2018 at 8:43:19 AM UTC-8, Wayne Thayer wrote:
> In this particular case, my conclusion is that the existing Mozilla
> process is working. We have documented a number of issues that when
> considered in aggregate warrant an investigation.
Hi Wayne,
Forgive me if I'm
It seems to me that some CA's hold unanswered Mozilla's questions because they
know that it will not cause any serious consequences. I mean removing a root
certificates from Mozilla Root Store. However, this point of view here seems to
have already been voiced.
On Tue, Feb 13, 2018 at 11:26 PM, Paul Kehrer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On February 14, 2018 at 4:17:16 AM, Wayne Thayer via dev-security-policy (
> dev-security-policy@lists.mozilla.org) wrote:
>
> > The most recent BR audit report for the Visa
On February 14, 2018 at 4:17:16 AM, Wayne Thayer via dev-security-policy (
dev-security-policy@lists.mozilla.org) wrote:
> The most recent BR audit report for the Visa eCommerce Root contains 3
qualifications: http://enroll.visaca.com/WTBR%20eComm.pdf
Does Mozilla have any guidelines or official
> On Feb 13, 2018, at 19:16, Wayne Thayer via dev-security-policy
> wrote:
>
> On Tue, Feb 13, 2018 at 10:49 AM, Jonathan Rudenberg
> wrote:
>
>>
>>> On Sep 19, 2017, at 11:12, Gervase Markham via dev-security-policy <
>>
On Tue, Feb 13, 2018 at 10:49 AM, Jonathan Rudenberg
wrote:
>
> > On Sep 19, 2017, at 11:12, Gervase Markham via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> >
> > In the light of this, I believe it is reasonable to discuss the question
> > of
> On Sep 19, 2017, at 11:12, Gervase Markham via dev-security-policy
> wrote:
>
> In the light of this, I believe it is reasonable to discuss the question
> of whether Visa's PKI (and, specifically, the VISA eCommerce Root,
> https://crt.sh/?id=896972 ,
I can confirm that as of this moment the VISA OCSP responders are still
responding GOOD for non-existent certificates. VISA was originally
contacted by me on August 29 so it has now been over 21 days since initial
report.
-Paul
On September 21, 2017 at 9:32:12 PM, Gervase Markham via
Additionally, 13 days ago it was reported to VISA that their OCSP
responder was misconfigured to return "good" responses for non-existent
certificates:
https://bugzilla.mozilla.org/show_bug.cgi?id=1398261
As far as I can see, this is the case for their end-entity certificates,
not just some roots
On 20/09/2017 09:37, Martin Rublik wrote:
On Tue, Sep 19, 2017 at 5:22 PM, Alex Gaynor via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
https://crt.sh/mozilla-certvalidations?group=version=896972 is a very
informative graph for me -- this is the number of validations
On Wed, Sep 20, 2017 at 12:37 AM, Martin Rublik via
dev-security-policy wrote:
> On Tue, Sep 19, 2017 at 5:22 PM, Alex Gaynor via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>>
On Tue, Sep 19, 2017 at 5:22 PM, Alex Gaynor via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> https://crt.sh/mozilla-certvalidations?group=version=896972 is a very
> informative graph for me -- this is the number of validations performed by
> Firefox for certs under this
On Tuesday, September 19, 2017 at 10:13:26 AM UTC-5, Gervase Markham wrote:
> >From the above, we see that Visa only issues certificates to their own
> customers/clients, and not to the public. They believe that this permits
> them to keep confidential details of the certificates which they wish
On 19/09/17 16:27, Peter Bowen wrote:
> I think your statement is a little broad. Every CA only issues
> certificates to themselves and their own customers (or as the BRs call
> them "Subscribers").
Yes, you are right. "Customers" was the wrong word. Perhaps I rather
meant they only issue to
15 matches
Mail list logo