Hi Stephen,
Thank you for the correction; I regret the error.
On Tue, Apr 10, 2018 at 8:12 AM Stephen Davidson via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> These certificates are compliant with the BR and contain the required
> extKeyUsage values for both id-kp-serve
may be generated
even though the cert is compliant with the BR.
Regards,
Stephen Davidson
QuoVadis
-Original Message-
From: dev-security-policy
On Behalf Of Tim Smith via dev-security-policy
Sent: Saturday, March 31, 2018 7:15 PM
To: Mozilla
Subject: Discovering unlogged ce
On Mon, Apr 9, 2018 at 9:46 AM Daymion Reynolds via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> As an FYI only:
>
> We did review the one cert cited below for term length. The certificate
> was issued in 2013 before the current max term duration was defined. This
> cert
As an FYI only:
We did review the one cert cited below for term length. The certificate was
issued in 2013 before the current max term duration was defined. This cert is
grandfathered in and does not require revocation. In May of this year it
expires.
regards,
Daymion
On Sunday, April 1, 201
Did you submit the ~25K unexpired unlogged certs to CT?
On Sat, Mar 31, 2018 at 6:14 PM, Tim Smith via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hi MDSP,
>
> I went looking for corpuses of certificates that may not have been
> previously logged to CT and found some in
On 03/31/2018 09:53 PM, Tim Smith wrote:
> On Sat, Mar 31, 2018 at 6:28 PM, Michael Casadevall via
> dev-security-policy wrote:
> Thanks for taking a look. My understanding of Rapid7's methodology [1,
> 2] is that they knock on well-known ports. The services they emit data
> for are pop3/s (110,
On Sat, Mar 31, 2018 at 6:28 PM, Michael Casadevall via
dev-security-policy wrote:
> Pretty interesting read, and always happy to see more information go
> into CT. One thing I couldn't divine from your data was how did you look
> for non-HTTPS services? Did you port scan and do service discovery,
On 03/31/2018 06:14 PM, Tim Smith via dev-security-policy wrote:
> Hi MDSP,
>
> I went looking for corpuses of certificates that may not have been
> previously logged to CT and found some in the Rapid7 "More SSL" dataset,
> which captures certificates from their scans of non-HTTPS ports for
> TL
I'm currently grabbing certs from Censys's BigQuery extracts and
submitting them to the Argon logs (and Daedalus/Rocketeer for certs
that fall before/after Argon's not-after range).
There's a fair bit of latency in the process; I'm only running this
script weekly (it costs about $4 a pop in BigQue
On Sat, Mar 31, 2018 at 3:26 PM, Kurt Roeckx wrote:
> Have you done the for their other scans?
I haven't. The Rapid7 HTTPS corpus is much larger; I'm not sure my
approach will scale that far and I imagine the new discovery rate will
be lower.
Censys has been interested in submitting new certific
On Sat, Mar 31, 2018 at 10:14:27PM +, Tim Smith via dev-security-policy
wrote:
> Hi MDSP,
>
> I went looking for corpuses of certificates that may not have been
> previously logged to CT and found some in the Rapid7 "More SSL" dataset,
> which captures certificates from their scans of non-HTT
Hi MDSP,
I went looking for corpuses of certificates that may not have been
previously logged to CT and found some in the Rapid7 "More SSL" dataset,
which captures certificates from their scans of non-HTTPS ports for
TLS-speaking services.
I wrote up some findings at
http://blog.tim-smith.us/2018
12 matches
Mail list logo