While a certain amount of latency in OCSP updates is expected when a
certificate is first issued or revoked, KIR intended this to be a permanent
"unknown" status for a revoked certificate. My conclusion from this
discussion is that such a policy is not permitted, and the existing
requirements are e
On Friday, February 1, 2019 at 11:38:40 PM UTC+1, Kurt Roeckx wrote:
> On Fri, Feb 01, 2019 at 03:02:17PM -0700, Wayne Thayer wrote:
> > It was pointed out to me that the OCSP status of the misissued certificate
> > that is valid for over 5 years is still "unknown" despite having been
> > revoked a
Im Auftrag von Kurt Roeckx via dev-security-policy
> > Gesendet: Freitag, 1. Februar 2019 23:38
> > An: Wayne Thayer
> > Cc: mozilla-dev-security-policy <
> mozilla-dev-security-pol...@lists.mozilla.org>
> > Betreff: Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR
mas; Registered offices: Berlin and
> Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300,
> Munich, HRB 6684; WEEE-Reg.-No. DE 23691322
>
> > -Ursprüngliche Nachricht-
> > Von: dev-security-policy
> Im Auftrag von Kurt Roeckx via dev-security-policy
>
m
> Auftrag von Kurt Roeckx via dev-security-policy
> Gesendet: Freitag, 1. Februar 2019 23:38
> An: Wayne Thayer
> Cc: mozilla-dev-security-policy
>
> Betreff: Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)
>
> On Fri, Feb 01, 2019 at 03:02:17PM
On Fri, Feb 01, 2019 at 03:02:17PM -0700, Wayne Thayer wrote:
> It was pointed out to me that the OCSP status of the misissued certificate
> that is valid for over 5 years is still "unknown" despite having been
> revoked a week ago. I asked KIR about this in the bug [1] and am surprised
> by their
It was pointed out to me that the OCSP status of the misissued certificate
that is valid for over 5 years is still "unknown" despite having been
revoked a week ago. I asked KIR about this in the bug [1] and am surprised
by their response:
This certificate is revoked on CRL. Because the certificate
On 2019-01-29 1:29, Wayne Thayer wrote:
Piotr just filed an incident report on the misissuance that was reported on
18-January: https://bugzilla.mozilla.org/show_bug.cgi?id=1523186
I guess this part is not very clear to me:
> We identified and removed from system the registration policy that
>
Piotr just filed an incident report on the misissuance that was reported on
18-January: https://bugzilla.mozilla.org/show_bug.cgi?id=1523186
The report discloses another misissuance that occurred during testing,
resulting in a serverAuth certificate with a duration of over 5 years.
On Sun, Jan 27
W dniu czwartek, 17 stycznia 2019 21:12:58 UTC+1 użytkownik Wayne Thayer
napisał:
> Hello Piotr,
>
> On Thu, Jan 17, 2019 at 6:23 AM Grabowski Piotr
> wrote:
>
> > Hello Wayne,
> >
> >
> >
> > I am very sorry for the delay. Please find below our answers to Ryan's
> > questions. Regarding the q
On 18/01/2019 19:21, piotr.grabow...@kir.pl wrote:
W dniu piątek, 18 stycznia 2019 18:44:23 UTC+1 użytkownik Jakob Bohm napisał:
On 17/01/2019 21:12, Wayne Thayer wrote:
Hello Piotr,
On Thu, Jan 17, 2019 at 6:23 AM Grabowski Piotr
wrote:
Hello Wayne,
I am very sorry for the delay. Pleas
W dniu poniedziałek, 8 października 2018 19:14:09 UTC+2 użytkownik Wayne Thayer
napisał:
> Thank you for the incident report. I have posted it to the bug:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1495497
>
> On Mon, Oct 8, 2018 at 8:25 AM piotr.grabowski--- via dev-security-policy <
> dev-s
W dniu poniedziałek, 8 października 2018 19:14:09 UTC+2 użytkownik Wayne Thayer
napisał:
> Thank you for the incident report. I have posted it to the bug:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1495497
>
> On Mon, Oct 8, 2018 at 8:25 AM piotr.grabowski--- via dev-security-policy <
> dev-s
W dniu czwartek, 17 stycznia 2019 21:12:58 UTC+1 użytkownik Wayne Thayer
napisał:
> Hello Piotr,
>
> On Thu, Jan 17, 2019 at 6:23 AM Grabowski Piotr
> wrote:
>
> > Hello Wayne,
> >
> >
> >
> > I am very sorry for the delay. Please find below our answers to Ryan's
> > questions. Regarding the q
W dniu piątek, 18 stycznia 2019 18:44:23 UTC+1 użytkownik Jakob Bohm napisał:
> On 17/01/2019 21:12, Wayne Thayer wrote:
> > Hello Piotr,
> >
> > On Thu, Jan 17, 2019 at 6:23 AM Grabowski Piotr
> > wrote:
> >
> >> Hello Wayne,
> >>
> >>
> >>
> >> I am very sorry for the delay. Please find below
W dniu czwartek, 17 stycznia 2019 21:12:58 UTC+1 użytkownik Wayne Thayer
napisał:
> Hello Piotr,
>
> On Thu, Jan 17, 2019 at 6:23 AM Grabowski Piotr
> wrote:
>
> > Hello Wayne,
> >
> >
> >
> > I am very sorry for the delay. Please find below our answers to Ryan's
> > questions. Regarding the q
On 17/01/2019 21:12, Wayne Thayer wrote:
Hello Piotr,
On Thu, Jan 17, 2019 at 6:23 AM Grabowski Piotr
wrote:
Hello Wayne,
I am very sorry for the delay. Please find below our answers to Ryan's
questions. Regarding the question why we didn't report this misissuance
of this 1 certificate as
Hello Piotr,
On Thu, Jan 17, 2019 at 6:23 AM Grabowski Piotr
wrote:
> Hello Wayne,
>
>
>
> I am very sorry for the delay. Please find below our answers to Ryan's
> questions. Regarding the question why we didn't report this misissuance
> of this 1 certificate as separate incident in my opinion
Rozliczeniowa S.A.
ul. rtm. W. Pileckiego 65
02-781 Warszawa
Tel. +48 22 545 56 76
Tel. +48 507 024 083
From: Wayne Thayer
Sent: Thursday, January 17, 2019 12:55 AM
To: Ryan Sleevi
Cc: Grabowski Piotr ; mozilla-dev-security-policy
Subject: Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR v
>>
>> TODO:
>>
>> - Keep exerting pressure on Verizon to deliver:
>>
>> o Policy field size validation – in our opinion it is simple change
>> request and should be delivered ASAP.
>>
>> o native x509lint or zlint feature
>>
>
or zlint feature
>
>
>
>
>
> Piotr Grabowski
> Linia biznesowa podpis elektroniczny
> Krajowa Izba Rozliczeniowa S.A.
> ul. rtm. W. Pileckiego 65
> 02-781 Warszawa
>
> Tel. +48 22 545 56 76
>
> Tel. +48 507 024 083
>
>
>
> *From:* Wayne Thayer
>
5
02-781 Warszawa
Tel. +48 22 545 56 76
Tel. +48 507 024 083
From: Wayne Thayer
Sent: Wednesday, January 09, 2019 9:52 PM
To: Grabowski Piotr
Cc: r...@sleevi.com; mozilla-dev-security-policy
Subject: Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)
KIR recently misissued
12, 2018 at 8:16 AM Grabowski Piotr
wrote:
> Hello,
>
> My comments in blue.
>
>
> --
> *Od:* Ryan Sleevi
> *Wysłane:* czwartek, 11 października 2018 04:53
> *Do:* Grabowski Piotr
> *DW:* Wayne Thayer; mozilla-dev-security-policy
>
Hello,
My comments in blue.
Od: Ryan Sleevi
Wysłane: czwartek, 11 października 2018 04:53
Do: Grabowski Piotr
DW: Wayne Thayer; mozilla-dev-security-policy
Temat: Re: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)
On Wed, Oct 10, 2018 at 4:33 PM
On Wed, Oct 10, 2018 at 4:58 PM Grabowski Piotr
wrote:
> Hello Ryan,
>
>
> In the design of this template, one of the concerns was about
> understanding *how* a problem happened, not just how a CA responded. This
> is why it includes text such as "This may include events before the
> incident was
On Wed, Oct 10, 2018 at 4:33 PM Grabowski Piotr via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hello Wayne,
>
> - Is the new dual control process documented in a manner that will be
> auditable by your external auditors?
>
> Yes, the new dual control process is already
Sleevi
Wysłane: wtorek, 9 października 2018 02:25:27
Do: Grabowski Piotr
DW: mozilla-dev-security-policy
Temat: Re: 46 Certificates issued with BR violations (KIR)
On Mon, Oct 8, 2018 at 11:25 AM piotr.grabowski--- via dev-security-policy
mailto:dev-security-policy@lists.mozilla.org>>
wrote
2018 23:45:39
Do: Grabowski Piotr
DW: mozilla-dev-security-policy
Temat: Re: Odp.: 46 Certificates issued with BR violations (KIR)
On Tue, Oct 9, 2018 at 5:30 AM Grabowski Piotr
mailto:piotr.grabow...@kir.pl>> wrote:
Hello Wayne,
Please find our comments below:
So far the process for
ify these problems.
Also, please respond to Ryan's email questioning how this happened.
- Wayne
>
>
>
>
Best Reagrds
> Piotr Grabowski
> --
> *Od:* Wayne Thayer
> *Wysłane:* poniedziałek, 8 października 2018 19:13:46
> *Do:* Grabowski Pi
ent response to incident?
Best Reagrds
Piotr Grabowski
Od: Wayne Thayer
Wysłane: poniedziałek, 8 października 2018 19:13:46
Do: Grabowski Piotr
DW: mozilla-dev-security-policy
Temat: Re: 46 Certificates issued with BR violations (KIR)
Thank you for the incident
>
> On Mon, Oct 8, 2018 at 4:06 PM Nick Lamb via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> On Mon, 8 Oct 2018 03:43:53 -0700 (PDT)
>> "piotr.grabowski--- via dev-security-policy"
>> wrote:
>>
>> > We have by the way question about error: ERROR: The 'Organization
>>
On Mon, Oct 8, 2018 at 11:25 AM piotr.grabowski--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Here's the incident report:
>
> 1.How your CA first became aware of the problem (e.g. via a problem
> report submitted to your Problem Reporting Mechanism, via a
>
> dis
On Mon, 8 Oct 2018 03:43:53 -0700 (PDT)
"piotr.grabowski--- via dev-security-policy"
wrote:
> We have by the way question about error: ERROR: The 'Organization
> Name' field of the subject MUST be less than 64 characters. According
> to https://www.ietf.org/rfc/rfc5280.txt and the note from this
Thank you for the incident report. I have posted it to the bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1495497
On Mon, Oct 8, 2018 at 8:25 AM piotr.grabowski--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Here's the incident report:
>
> 1.How your CA first
Here's the incident report:
1.How your CA first became aware of the problem (e.g. via a problem report
submitted to your Problem Reporting Mechanism, via a
discussion in mozilla.dev.security.policy, or via a Bugzilla bug), and the
date.
Email from Wayne Thayer Oct 1, 2018
2.A
Here's the incident report:
1.How your CA first became aware of the problem (e.g. via a problem report
submitted to your Problem Reporting Mechanism, via a discussion in
mozilla.dev.security.policy, or via a Bugzilla bug), and the date.
Email from Wayne Thayer Oct 1, 2018
2.A t
36 matches
Mail list logo