Re: GlobalSign BR violation

2017-04-06 Thread Jakob Bohm via dev-security-policy
On 04/04/2017 22:25, Doug Beattie wrote: -Original Message- From: dev-security-policy [mailto:dev-security-policy- bounces+doug.beattie=globalsign@lists.mozilla.org] On Behalf Of Nick Lamb via dev-security-policy I have a question: These certificates appear to be not only forbidde

RE: GlobalSign BR violation

2017-04-04 Thread Doug Beattie via dev-security-policy
> -Original Message- > From: dev-security-policy [mailto:dev-security-policy- > bounces+doug.beattie=globalsign@lists.mozilla.org] On Behalf Of Nick > Lamb via dev-security-policy > > I have a question: These certificates appear to be not only forbidden by the > BRs > but also techn

Re: GlobalSign BR violation

2017-04-04 Thread Nick Lamb via dev-security-policy
On Tuesday, 4 April 2017 16:31:10 UTC+1, douglas...@gmail.com wrote: > How this happened: Thanks Doug, I have a question: These certificates appear to be not only forbidden by the BRs but also technically unlikely to function as desired by the subscriber. Did any customers report problems whic

Re: GlobalSign BR violation

2017-04-04 Thread Gervase Markham via dev-security-policy
On 04/04/17 16:31, douglas.beat...@gmail.com wrote: > Attachment was stripped, here is the content: Thanks Doug. Unless anyone sees something particularly problematic here, I think we can call this incident closed. Gerv

Re: GlobalSign BR violation

2017-04-04 Thread douglas.beattie--- via dev-security-policy
Attachment was stripped, here is the content: GlobalSign BR violation: EV Certificate with dNSName containing a space On February 26, 2017, we received a report that there were multiple SANs in an EV SSL Certificate that contained a space within it. Spaces are not permitted characters, per

Re: GlobalSign BR violation

2017-04-04 Thread dboone--- via dev-security-policy
On Tuesday, April 4, 2017 at 8:19:28 AM UTC-7, Doug Beattie wrote: > Here is the incident report for this reported issue. I don't see anything attached or linked?

RE: GlobalSign BR violation

2017-04-04 Thread Doug Beattie via dev-security-policy
rsday, March 16, 2017 6:57 AM > To: D B ; mozilla-dev-security- > pol...@lists.mozilla.org > Subject: Re: GlobalSign BR violation > > On 28/02/17 20:02, douglas.beat...@gmail.com wrote: > > And lastly this ticket. The Domain name was validated in accordance > > with the BR

Re: GlobalSign BR violation

2017-03-16 Thread Gervase Markham via dev-security-policy
On 28/02/17 20:02, douglas.beat...@gmail.com wrote: > And lastly this ticket. The Domain name was validated in accordance > with the BRs, but there was a bug that allowed a user entered space > to be included in some of the SAN values. While the value is not > compliant with RFC 5280 or the BRs,

Re: GlobalSign BR violation

2017-03-03 Thread Gervase Markham via dev-security-policy
On 28/02/17 20:02, douglas.beat...@gmail.com wrote: > Suspicious Test certificate > https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/-gaS1p3vrXc > > I provided a formal response in that thread that I believe closes > this issue. I still have an outstanding question. > And last

Re: GlobalSign BR violation

2017-02-28 Thread Ryan Sleevi via dev-security-policy
On Tue, Feb 28, 2017 at 12:02 PM, douglas.beattie--- via dev-security-policy wrote: > Ryan, > > GlobalSign certificate issuance has been referenced in several different > threads recently and I think most of them are closed; however, if you feel > otherwise, let me know. > Hi Doug, Right, I rea

Re: GlobalSign BR violation

2017-02-28 Thread douglas.beattie--- via dev-security-policy
Ryan, GlobalSign certificate issuance has been referenced in several different threads recently and I think most of them are closed; however, if you feel otherwise, let me know. Suspicious Test certificate https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/-gaS1p3vrXc I provide

Re: GlobalSign BR violation

2017-02-28 Thread Ryan Sleevi via dev-security-policy
On Tue, Feb 28, 2017 at 8:53 AM, douglas.beattie--- via dev-security-policy wrote: > > Yes, we're working to do just this now. While that's good and well, I do hope GlobalSign will produce an incident report regarding this matter, as to how the situation in https://groups.google.com/d/msg/mozil

Re: GlobalSign BR violation

2017-02-28 Thread douglas.beattie--- via dev-security-policy
On Monday, February 27, 2017 at 4:05:09 PM UTC-5, Jakob Bohm wrote: > On 27/02/2017 01:53, Itzhak Daniel wrote: > > How are those lines parsed? What happens when a client reaches a > > whitespace? Will this allow 'vietnamairlines.com' to use 'owa', 'mail' and > > 'autodiscover' in their internal

Re: GlobalSign BR violation

2017-02-27 Thread Jakob Bohm via dev-security-policy
On 27/02/2017 01:53, Itzhak Daniel wrote: How are those lines parsed? What happens when a client reaches a whitespace? Will this allow 'vietnamairlines.com' to use 'owa', 'mail' and 'autodiscover' in their internal infrastructure? Programs don't parse the text lines from the crt.sh website.

Re: GlobalSign BR violation

2017-02-27 Thread Nick Lamb via dev-security-policy
On Monday, 27 February 2017 00:53:46 UTC, Itzhak Daniel wrote: > How are those lines parsed? What happens when a client reaches a whitespace? > Will this allow 'vietnamairlines.com' to use 'owa', 'mail' and 'autodiscover' > in their internal infrastructure? Because they're dnsNames a correctly

Re: GlobalSign BR violation

2017-02-26 Thread Itzhak Daniel via dev-security-policy
How are those lines parsed? What happens when a client reaches a whitespace? Will this allow 'vietnamairlines.com' to use 'owa', 'mail' and 'autodiscover' in their internal infrastructure?

Re: GlobalSign BR violation

2017-02-26 Thread Matt Palmer via dev-security-policy
On Sat, Feb 25, 2017 at 11:22:18AM -0800, Roland Bracewell Shoemaker via dev-security-policy wrote: > It appears GlobalSign has issued an EV certificate containing dNSNames > which include spaces which are non-valid DNS characters. This is a > violation of CABF Baseline Regulations Sections 7.1.4.

GlobalSign BR violation

2017-02-25 Thread Roland Bracewell Shoemaker via dev-security-policy
It appears GlobalSign has issued an EV certificate containing dNSNames which include spaces which are non-valid DNS characters. This is a violation of CABF Baseline Regulations Sections 7.1.4.2.1. and presumably 3.2.2.4. since there is no way to confirm control of a non-valid DNS name. Pre-certifi