On Friday, August 18, 2017 at 6:35:23 AM UTC-7, Gervase Markham wrote:
> On 17/08/17 00:18, Kathleen Wilson wrote:
> > == Let’s Encrypt ==
> > RESOLVED (no bug needed)
>
> > == Staat der Nederlanden / PKIoverheid ==
> > RESOLVED (no bug needed)
>
> While the timely responses and performance of
On 17/08/17 00:18, Kathleen Wilson wrote:
> == Let’s Encrypt ==
> RESOLVED (no bug needed)
> == Staat der Nederlanden / PKIoverheid ==
> RESOLVED (no bug needed)
While the timely responses and performance of these CAs are commendable,
it may be worth opening a bug and recording the events and
Filed bug for GoDaddy:
https://bugzilla.mozilla.org/show_bug.cgi?id=1391429
Thanks,
Kathleen
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
> On Aug 16, 2017, at 19:18, Kathleen Wilson via dev-security-policy
> wrote:
>
> Bugs filed...
Hi Kathleen,
It looks like a bug was not created for GoDaddy about these certificates with
invalid dnsNames, containing a space at the beginning of the
On 15/08/17 21:24, Kathleen Wilson wrote:
> Mozilla's Root Store policy says: "CAs MUST follow and be aware of
> discussions in the mozilla.dev.security.policy forum, where Mozilla's
> root program is coordinated."
>
> There is no indication about how frequently a representative of the
> CA must
CA Disig revoked the listed non-conforming certificate.
Bugs filed...
== Actalis ==
https://bugzilla.mozilla.org/show_bug.cgi?id=1390974
== Camerfirma ==
https://bugzilla.mozilla.org/show_bug.cgi?id=1390977
== Certinomis ==
https://bugzilla.mozilla.org/show_bug.cgi?id=1390978
== certSIGN ==
https://bugzilla.mozilla.org/show_bug.cgi?id=1390979
==
I will proceed with filing these bugs now.
Kathleen
Updated draft for the Bugzilla Bugs that I will be filing for the problems
listed below.
Product: NSS
Component: CA Certificate Mis-Issuance
Whiteboard: [ca-compliance]
Blocks: 1029147
Summary: : Non-BR-Compliant Certificate Issuance
Description:
The following problems have been found in
On Tuesday, August 15, 2017 at 3:53:06 PM UTC-7, Jonathan Rudenberg wrote:
> It would be useful to know when and through what channel the CA learned about
> each of the problems listed. (problem report via email at date/time;
> known/unresolved issue since date; mailing list post at date/time;
> On Aug 15, 2017, at 18:21, Kathleen Wilson via dev-security-policy
> wrote:
>
> Feedback will be appreciated on the following draft for the Bugzilla Bugs
> that I will be filing for the problems listed below.
It would be useful to know when and
> On Aug 15, 2017, at 18:21, Kathleen Wilson via dev-security-policy
> wrote:
>
> Feedback will be appreciated on the following draft for the Bugzilla Bugs
> that I will be filing for the problems listed below.
I think we should ask for the CAs to
Feedback will be appreciated on the following draft for the Bugzilla Bugs that
I will be filing for the problems listed below.
Product: NSS
Component: CA Certificate Mis-Issuance
Whiteboard: [ca-compliance]
Blocks: 1029147
Summary: : Non-BR-Compliant Certificate Issuance
Description:
The
dev-security-policy@lists.mozilla.org>
> Date: 15/08/2017 21:59 (GMT+01:00)
> To: r...@sleevi.com
> Cc: mozilla-dev-security-policy
> <mozilla-dev-security-pol...@lists.mozilla.org>, Kathleen Wilson
> <kwil...@mozilla.com>
> Subject: Re: Bugzilla Bugs re CA issuanc
On Tue, Aug 15, 2017 at 4:01 PM, Kathleen Wilson via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Tuesday, August 15, 2017 at 12:46:36 PM UTC-7, Ryan Sleevi wrote:
> >
> > The requirement for revocation comes from the Baseline Requirements.
> >
> > Could you clarify
On Tuesday, August 15, 2017 at 1:00:04 PM UTC-7, Jonathan Rudenberg wrote:
> It’s worth noting that with the exception of the metadata-only
> subject fields issue, Alex and I have attempted to contact every
> CA listed directly via their public certificate problem reporting channels.
Good
> On Aug 15, 2017, at 15:37, Kathleen Wilson via dev-security-policy
> wrote:
>
> ** Common Name not in SAN
> https://groups.google.com/d/msg/mozilla.dev.security.policy/K3sk5ZMv2DE/4oVzlN1xBgAJ
> It is not clear to me if I need to add this item to the
On Tuesday, August 15, 2017 at 12:46:36 PM UTC-7, Ryan Sleevi wrote:
>
> The requirement for revocation comes from the Baseline Requirements.
>
> Could you clarify your expectations regarding CAs' violation of the
> Baseline Requirements with respect to these issues and Section 4.9.1.1.
Are you
> On Aug 15, 2017, at 15:45, Ryan Sleevi via dev-security-policy
> wrote:
>
> I would note that any CA which does not or has not promptly revoked these
> within 24 hours of contact should, at a minimum, contact all root programs
> that they participate in
On Tue, Aug 15, 2017 at 3:37 PM, Kathleen Wilson via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> I do *NOT* necessarily expect the CAs to revoke all of these certificates.
> I expect the CAs to do a careful analysis of the situation and
> determine/explain whether or
All,
I have gone through the July/August posts in m.d.s.policy in order to determine
which Bugzilla Bugs I should file.
There are two outliers:
~~
** Undisclosed intermediates, or those missing audits
I have been working diligently on intermediate cert disclosures in the CCADB
for many months
21 matches