On Friday, May 20, 2016 at 2:39:20 AM UTC-7, Rob Stradling wrote:
> On 19/05/16 21:48, Kathleen Wilson wrote:
> > On Monday, May 16, 2016 at 1:33:40 PM UTC-7, Rob Stradling wrote:
> >> However, ISTM that a "proposed change currently in discussion" is less
> >> authoritative than the CA
On 19/05/16 21:48, Kathleen Wilson wrote:
On Monday, May 16, 2016 at 1:33:40 PM UTC-7, Rob Stradling wrote:
However, ISTM that a "proposed change currently in discussion" is less
authoritative than the CA Communication (which, as I've said, seems to
explicitly require multiple disclosures of
On Monday, May 16, 2016 at 1:33:40 PM UTC-7, Rob Stradling wrote:
> However, ISTM that a "proposed change currently in discussion" is less
> authoritative than the CA Communication (which, as I've said, seems to
> explicitly require multiple disclosures of the same intermediate when
> multiple
On 13/05/16 22:09, Richard Barnes wrote:
Thanks for explaining the specifics, Rob. To restate and check my
understanding, this is a "Y-shaped" scenario, with the following CAs (by
CN):
(1) AddTrust External CA Root (included, owned by Comodo)
(2) UTN-USERFirst-Hardware (included, owned by
On Fri, May 13, 2016 at 10:48 PM, Nick Lamb wrote:
> On Friday, 13 May 2016 21:02:25 UTC+1, Rob Stradling wrote:
> > If it were up to me, I would...
> >1. Require https://crt.sh/?id=1790 to be disclosed precisely once, by
> > Web.com, because the chain up to Web.com's
On Friday, 13 May 2016 21:02:25 UTC+1, Rob Stradling wrote:
> If it were up to me, I would...
>1. Require https://crt.sh/?id=1790 to be disclosed precisely once, by
> Web.com, because the chain up to Web.com's Built-in Root is the shortest
> chain.
>2. Hold both Web.com and Comodo
On 13/05/16 19:59, Richard Barnes wrote:
IIUC, that last sentence is saying that multiple disclosures are
required (one disclosure per root to which the intermediate chains).
Have I misread it?
No, I agree with you. If two certs have different issuers, they're
different certs, so
On Fri, May 13, 2016 at 3:28 PM, Kurt Roeckx wrote:
> On 2016-05-13 14:41, Richard Barnes wrote:
>
>> IIRC, the disclosure requirement is in terms of certificates, and the
>> disclosure responsibility is on the issuing CA. So you would have one
>> disclosure per certificate, and
Kathleen,
Some NSS built-in roots are cross-certified by other built-in roots.
When an intermediate cert chains to multiple roots, does it need to be
disclosed multiple times (once for each root)?
Or, if it only needs to be disclosed once, then how should we determine
which CA is
9 matches
Mail list logo