Re: Checking certificate requirements

2014-05-28 Thread Brian Smith
On Wed, May 28, 2014 at 4:42 PM, Ryan Sleevi ryan-mozdevsecpol...@sleevi.com wrote: Whether it's version 1 or 3 has no effect on path building. If the policy does require this, it's largely for cosmetic reasons rather than any strong technical reasons. That said, cutting a new v3 root may involve

Re: Checking certificate requirements

2014-05-23 Thread Kurt Roeckx
On Fri, May 23, 2014 at 11:00:17AM +0200, Matthias Hunstock wrote: Am 22.05.2014 22:52, schrieb Kurt Roeckx: So I've added some other strange looking graph about the 39 and 60 month limit in the BR. In the section Certificate valid longer than 39 months you state that According to CA/B

Re: Checking certificate requirements

2014-05-22 Thread Chema López
Thanks, Kurt, for sharing! m...@chemalogo.com +34 666 429 224 (Spain) gplus.to/chemalogo @chemalogo https://twitter.com/chemalogo/ www.linkedin.com/in/chemalogo Skype: chemalogo On Tue, May 20, 2014 at 7:03 PM, Kurt Roeckx k...@roeckx.be wrote: I've been working on checking that certificates

Re: Checking certificate requirements

2014-05-22 Thread Kurt Roeckx
On Tue, May 20, 2014 at 11:23:54AM -0700, Kathleen Wilson wrote: Maybe we should re-visit the idea of a wall of shame, and publicly list the CAs who are still issuing certificates with the following problems. * No Subject alternative name extension * Fails decoding the character set *

Checking certificate requirements

2014-05-20 Thread Kurt Roeckx
I've been working on checking that certificates made by the CAs are following requirements, and how it changes over time. You can see the results at: http://www.roeckx.be/certificates/ Kurt ___ dev-security-policy mailing list

RE: Checking certificate requirements

2014-05-20 Thread Jeremy Rowley
[mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla.org] On Behalf Of Kurt Roeckx Sent: Tuesday, May 20, 2014 11:03 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Checking certificate requirements I've been working on checking that certificates made by the CAs

Re: Checking certificate requirements

2014-05-20 Thread Kathleen Wilson
On 5/20/14, 10:03 AM, Kurt Roeckx wrote: I've been working on checking that certificates made by the CAs are following requirements, and how it changes over time. You can see the results at: http://www.roeckx.be/certificates/ Kurt Kurt, Great work! Thank you for sharing this analysis!

RE: Checking certificate requirements

2014-05-20 Thread Jeremy Rowley
+jeremy.rowley=digicert.com@lists.mozilla.org] On Behalf Of Kathleen Wilson Sent: Tuesday, May 20, 2014 12:24 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Checking certificate requirements On 5/20/14, 10:03 AM, Kurt Roeckx wrote: I've been working on checking that certificates made

Re: Checking certificate requirements

2014-05-20 Thread Kathleen Wilson
On 5/20/14, 12:32 PM, Kurt Roeckx wrote: On Tue, May 20, 2014 at 11:23:54AM -0700, Kathleen Wilson wrote: On 5/20/14, 10:03 AM, Kurt Roeckx wrote: Conclusions Some of the CA/Browser Forum baseline requirements seem to be getting adopted well, but there are still some certificates generated that

Re: Checking certificate requirements

2014-05-20 Thread Kurt Roeckx
On Tue, May 20, 2014 at 12:31:14PM -0600, Jeremy Rowley wrote: I saw that he's contacting CAs about the missing SANs, but what about the other issues? I'd be very interested in hearing about any non-compliant certs related to DigiCert (if there are any). Running a query on all issuers with

RE: Checking certificate requirements

2014-05-20 Thread Jeremy Rowley
Please do! -Original Message- From: Kurt Roeckx [mailto:k...@roeckx.be] Sent: Tuesday, May 20, 2014 2:22 PM To: Jeremy Rowley Cc: 'Kathleen Wilson'; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Checking certificate requirements On Tue, May 20, 2014 at 12:31:14PM -0600