Re: Incident Certificate signed with SHA1 Violation BR 7.3.1

2017-09-15 Thread Gervase Markham via dev-security-policy
On 15/09/17 13:55, cornelia.enk...@gmail.com wrote: > technically the CA now is disabled to sign certificates using SHA1 But presumably you thought that was true before this incident? (And if not, why not?) Gerv ___ dev-security-policy mailing list

Re: Incident Certificate signed with SHA1 Violation BR 7.3.1

2017-09-15 Thread cornelia.enke66--- via dev-security-policy
Am Mittwoch, 6. September 2017 22:38:35 UTC+2 schrieb Nick Lamb: > Thanks for writing this incident report. > > The latter of the two certificates was issued after popular web browsers had > ceased accepting SHA-1 as far as I understand it. As a result it seems likely > that it would not have

Re: Incident Certificate signed with SHA1 Violation BR 7.3.1

2017-09-15 Thread cornelia.enke66--- via dev-security-policy
gt; On 06/09/17 20:38, cornelia.enke66--- via dev-security-policy wrote: > > SwissSign has identified the following incident: > > two Certificate signed with SHA1: Violation BR 7.3.1 > > > > 1) > > During an internal audit on 05.09.2017 we found out that there are two

Re: Incident Certificate signed with SHA1 Violation BR 7.3.1

2017-09-15 Thread cornelia.enke66--- via dev-security-policy
Am Montag, 11. September 2017 12:38:38 UTC+2 schrieb Gervase Markham: > Hi Connie, > > On 06/09/17 20:38, cornelia.enk...@gmail.com wrote: > > SwissSign has identified the following incident: > > two Certificate signed with SHA1: Violation BR 7.3.1 > > Thank you for t

Re: Incident Certificate signed with SHA1 Violation BR 7.3.1

2017-09-11 Thread Gervase Markham via dev-security-policy
Hi Connie, On 06/09/17 20:38, cornelia.enk...@gmail.com wrote: > SwissSign has identified the following incident: > two Certificate signed with SHA1: Violation BR 7.3.1 Thank you for this report. There have been a couple of reasonable follow-up questions here in the m.d.s.p. group; cou

Incident Certificate signed with SHA1 Violation BR 7.3.1

2017-09-06 Thread Nick Lamb via dev-security-policy
Thanks for writing this incident report. The latter of the two certificates was issued after popular web browsers had ceased accepting SHA-1 as far as I understand it. As a result it seems likely that it would not have functioned as expected if a customer deployed it on a Web server. You

Re: Incident Certificate signed with SHA1 Violation BR 7.3.1

2017-09-06 Thread Rob Stradling via dev-security-policy
incident: two Certificate signed with SHA1: Violation BR 7.3.1 1) During an internal audit on 05.09.2017 we found out that there are two certificates issued after 16.01.2015 and signed with a SHA1 hash. After the discovery of two certificates, the following actions where taken 05.09.2017

Incident Certificate signed with SHA1 Violation BR 7.3.1

2017-09-06 Thread cornelia.enke66--- via dev-security-policy
SwissSign has identified the following incident: two Certificate signed with SHA1: Violation BR 7.3.1 1) During an internal audit on 05.09.2017 we found out that there are two certificates issued after 16.01.2015 and signed with a SHA1 hash. After the discovery of two certificates