On 15/05/17 22:08, Michael Casadevall wrote:
> RA & EV:
> Were all the certificates issued by the RAs uploaded to a CT log? If
> not, what, if any, subsets were uploaded?
>
> I'm aware Symantec was required to upload certificates to CT or if it
> was retroactive, but I'm unsure if that requirement
urity-policy
> Sent: Monday, May 15, 2017 3:41 PM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: [EXT] Re: Draft further questions for Symantec
>
> The link in footnote [1]
> https://www.idmanagement.gov/IDM/servlet/fileField?entityId=ka0t
> 000Gmi3AAC=File__
I took a stab at trying to grok this. I find I have more questions and a
lot more concerns the more I read though. Please let me know if I'm not
the only one having issues decoding the responses. Here are my first
impressions:
RA & EV:
Were all the certificates issued by the RAs uploaded to a CT
urity-policy
> > Sent: Wednesday, May 10, 2017 7:06 AM
> > To: mozilla-dev-security-pol...@lists.mozilla.org
> > Subject: [EXT] Re: Draft further questions for Symantec
> >
> > On 08/05/17 13:24, Gervase Markham wrote:
> > > 8) Please explain how the Man
> Gervase Markham via dev-security-policy
> Sent: Wednesday, May 10, 2017 7:06 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: [EXT] Re: Draft further questions for Symantec
>
> On 08/05/17 13:24, Gervase Markham wrote:
> > 8) Please explain how the Manage
On 08/05/17 13:24, Gervase Markham wrote:
> 8) Please explain how the Management Assertions for your December 2014
Strike this question; it's based on a misunderstanding of how audits are
done.
Let's add:
10) Do you agree that, during the period of time that Symantec
cross-signed the Federal
In addition to requesting disclosure of intermediates that have been (even if
not currently are) able to issue server certs, and the catchall, both of which
seem excellent, I encourage Mozilla to consider asking these questions as part
of an implemented remedy plan.
That is, put in motion
On Monday, May 8, 2017 at 1:24:28 PM UTC+1, Gervase Markham wrote:
> I think it might be appropriate to have a further round of questions to
> Symantec from Mozilla, to try and get some clarity on some outstanding
> and concerning issues. Here are some _proposed_ questions; feel free to
> suggest
It may be necessary to expand that definition to intermediates that were
capable of issuing certificates within the past year (or longer).
On Monday, May 8, 2017 at 9:31:21 AM UTC-4, Alex Gaynor wrote:
> I'm not the best way to phrase this, so please forgive the bluntness, but I
> think it'd be
Thanks Kurt.
Alex
On Mon, May 8, 2017 at 11:22 AM, Kurt Roeckx via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 2017-05-08 15:31, Alex Gaynor wrote:
>
>> I'm not the best way to phrase this, so please forgive the bluntness, but
>> I
>> think it'd be appropriate to
I'm not the best way to phrase this, so please forgive the bluntness, but I
think it'd be appropriate to ask at this point if Symantec has disclosed
all necessary intermediates (I believe this would be defined as: chain to
their roots in our trust store, are not expired, are not revoked, and are
On 2017-05-08 14:24, Gervase Markham wrote:
1) Did any of the RAs in your program (CrossCert and co.) have the
technical ability to independently issue EV certificates? If they did
not, given that they had issuance capability from intermediates
which chained up to EV-enabled roots, what
I think it might be appropriate to have a further round of questions to
Symantec from Mozilla, to try and get some clarity on some outstanding
and concerning issues. Here are some _proposed_ questions; feel free to
suggest modifications or other questions, and I will decide what to send
officially