n Behalf Of please please via dev-security-policy
> Sent: Monday, December 17, 2018 5:51 PM
> To: Wayne Thayer
> Cc: MDSP
> Subject: Re: Violation report - Comodo CA certificates revocation delays
>
> A lot of things changes in 3 months it seems. ??
>
> The wording for t
mailto:pleaseiwantt...@hotmail.com>>
Sent: October 11, 2018 19:19
To: Wayne Thayer
Cc: MDSP
Subject: Re: Violation report - Comodo CA certificates revocation delays
I was under the impression that CAs were allowed to remove CRL entries and OCSP
support for expired certificates for some
----
> *From:* please please
> *Sent:* October 11, 2018 19:19
> *To:* Wayne Thayer
> *Cc:* MDSP
> *Subject:* Re: Violation report - Comodo CA certificates revocation delays
>
> I was under the impression that CAs were allowed to remove CRL entries and
> OCSP suppo
yer
Cc: MDSP
Subject: Re: Violation report - Comodo CA certificates revocation delays
I was under the impression that CAs were allowed to remove CRL entries and OCSP
support for expired certificates for some reason. Good to know!
On a slightly-unrelated note, you might also want to poke Co
Friday, October 12, 2018 14:28:47 UTC+2 Robin Alden wrote:
> I understand the OP's concern and will respond to the bug shortly.
Given that 45 days passed now, the internal definition of "shortly" used by
Comodo seems to differ a lot from the common use of the term.
On 19/10/2018 10:42, Ben Laurie wrote:
> On Fri, 19 Oct 2018 at 10:38, Rob Stradling wrote:
FWIW, we (Comodo CA) do maintain an archive of all the CRLs we've ever
signed.>>>
Put it in Trillian? :-)
That had occurred to me. ;-)
Would it be useful?
To be properly useful you would
On Fri, 19 Oct 2018 at 10:38, Rob Stradling wrote:
> On 18/10/2018 22:55, Ben Laurie wrote:
> > On Fri, 12 Oct 2018 at 19:01, Rob Stradling wrote:
> >
> > On 12/10/18 16:40, Ryan Sleevi via dev-security-policy wrote:
> > > On Fri, Oct 12, 2018 at 8:33 AM Ben Laurie >
On 18/10/2018 22:55, Ben Laurie wrote:
On Fri, 12 Oct 2018 at 19:01, Rob Stradling wrote:
On 12/10/18 16:40, Ryan Sleevi via dev-security-policy wrote:
> On Fri, Oct 12, 2018 at 8:33 AM Ben Laurie mailto:b...@google.com>> wrote:
>> This is one of the reasons we also need
On Fri, 12 Oct 2018 at 19:01, Rob Stradling wrote:
> On 12/10/18 16:40, Ryan Sleevi via dev-security-policy wrote:
> > On Fri, Oct 12, 2018 at 8:33 AM Ben Laurie wrote:
>
> >> This is one of the reasons we also need revocation transparency.
> >
> > As tempting as the buzzword is, and as much
On 12/10/2018 20:01, Rob Stradling wrote:
On 12/10/18 16:40, Ryan Sleevi via dev-security-policy wrote:
On Fri, Oct 12, 2018 at 8:33 AM Ben Laurie wrote:
This is one of the reasons we also need revocation transparency.
As tempting as the buzzword is, and as much as we love motherhood and
On Fri, 12 Oct 2018 at 16:41, Ryan Sleevi wrote:
>
>
> On Fri, Oct 12, 2018 at 8:33 AM Ben Laurie wrote:
>
>>
>>
>> On Fri, 12 Oct 2018 at 03:16, Ryan Sleevi via dev-security-policy <
>> dev-security-policy@lists.mozilla.org> wrote:
>>
>>> I believe that may be misunderstanding the concern.
>>>
On Fri, Oct 12, 2018 at 8:33 AM Ben Laurie wrote:
>
>
> On Fri, 12 Oct 2018 at 03:16, Ryan Sleevi via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> I believe that may be misunderstanding the concern.
>>
>> Once these certificates expire, there's not a good way to
On 12/10/18 13:53, Jakob Bohm via dev-security-policy wrote:
On 12/10/2018 14:33, Ben Laurie wrote:
This is one of the reasons we also need revocation transparency.
Or just a crt.sh enhancement to remember the previously collected
revocations.
crt.sh already remembers previously collected
On Fri, 12 Oct 2018 at 13:54, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 12/10/2018 14:33, Ben Laurie wrote:
> > On Fri, 12 Oct 2018 at 03:16, Ryan Sleevi via dev-security-policy <
> > dev-security-policy@lists.mozilla.org> wrote:
> >
> >> I believe
On 12/10/2018 14:33, Ben Laurie wrote:
On Fri, 12 Oct 2018 at 03:16, Ryan Sleevi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
I believe that may be misunderstanding the concern.
Once these certificates expire, there's not a good way to check whether or
not they were
On Fri, 12 Oct 2018 at 03:16, Ryan Sleevi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I believe that may be misunderstanding the concern.
>
> Once these certificates expire, there's not a good way to check whether or
> not they were revoked, because such revocation
I understand the OP's concern and will respond to the bug shortly.
Regards
Robin Alden
Comodo CA Ltd.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
I believe that may be misunderstanding the concern.
Once these certificates expire, there's not a good way to check whether or
not they were revoked, because such revocation information may be culled
after certificate expiration.
Similarly, if one is looking to verify the claims about revocation
On Thu, Oct 11, 2018 at 11:19:18PM +, please please via dev-security-policy
wrote:
> I was under the impression that CAs were allowed to remove CRL entries and
> OCSP support for expired certificates for some reason. Good to know!
CT logs are not CRLs or OCSP responders, nor do they track
!
Guillaume Fortin-Debigaré
From: Wayne Thayer
Sent: October 11, 2018 13:53
To: pleaseiwantt...@hotmail.com
Cc: MDSP
Subject: Re: Violation report - Comodo CA certificates revocation delays
I just poked Comodo in the bug -
https://bugzilla.mozilla.org/show_bug.cgi?id
e
> earliest expiration date among the affected certificates.
>
> Guillaume Fortin-Debigaré
> --
> *From:* please please
> *Sent:* September 17, 2018 23:39
> *To:* Wayne Thayer
> *Cc:* MDSP
> *Subject:* Re: Violation report - Comodo CA certific
, the earliest expiration
date among the affected certificates.
Guillaume Fortin-Debigaré
From: please please
Sent: September 17, 2018 23:39
To: Wayne Thayer
Cc: MDSP
Subject: Re: Violation report - Comodo CA certificates revocation delays
Good to know, and thank you
...@hotmail.com
Cc: MDSP
Subject: Re: Violation report - Comodo CA certificates revocation delays
I have created a bug and requested a response from Comodo:
https://bugzilla.mozilla.org/show_bug.cgi?id=1492006
As noted, there are no specific requirements regarding how CAs validate
revocation
I have created a bug and requested a response from Comodo:
https://bugzilla.mozilla.org/show_bug.cgi?id=1492006
As noted, there are no specific requirements regarding how CAs validate
revocation requests in the BRs. Every CA may do this however they choose,
so I don't believe there is any action
Hello, I am the domain owner of debigare.com. I would like to make you aware
that Comodo CA took more than 5 days to revoke certificates they had signed for
my domain and subdomains after requesting them to do through their sslabuse
email address, past the 24 hours maximum mentioned in the
25 matches
Mail list logo
