Re: (Possible) DigiCert EV Violation

2017-02-28 Thread Gervase Markham via dev-security-policy
On 27/02/17 21:41, Ryan Sleevi wrote: > During a past discussion of precertificates, at > https://groups.google.com/d/msg/mozilla.dev.security.policy/siHOXppxE9k/0PLPVcktBAAJ > , Mozilla did not discuss whether or not it considered > precertificates misissuance, although one module peer (hi! it's

Re: (Possible) DigiCert EV Violation

2017-02-27 Thread Ryan Sleevi via dev-security-policy
On Mon, Feb 27, 2017 at 2:19 PM, Jeremy Rowley via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > The requirements don't specify what to do with this information. I know > our product team interpreted this as part of the validation methods and > exchange of key information,

RE: (Possible) DigiCert EV Violation

2017-02-27 Thread Jeremy Rowley via dev-security-policy
nt: Monday, February 27, 2017 3:12 PM To: Ryan Sleevi <r...@sleevi.com> Cc: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: (Possible) DigiCert EV Violation On Mon, Feb 27, 2017 at 1:41 PM, Ryan Sleevi via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: >

Re: (Possible) DigiCert EV Violation

2017-02-27 Thread Peter Bowen via dev-security-policy
On Mon, Feb 27, 2017 at 1:41 PM, Ryan Sleevi via dev-security-policy wrote: > The EV Guidelines require certificates issued for .onion include the > cabf-TorServiceDescriptor extension, defined in the EV Guidelines, as part of > these certificates. This is

(Possible) DigiCert EV Violation

2017-02-27 Thread Ryan Sleevi via dev-security-policy
The EV Guidelines require certificates issued for .onion include the cabf-TorServiceDescriptor extension, defined in the EV Guidelines, as part of these certificates. This is required by Section 11.7.1 (1) of the EV Guidelines, reading: "For a Certificate issued to a Domain Name with .onion in