On 2019-12-09 11:44, Ben Laurie wrote:
On Wed, 4 Dec 2019 at 22:13, Ryan Sleevi wrote:
Yes, I am one of the ones who actively disputes the notion that AIA
considered harmful.
I'm (pleasantly) surprised that any CA would be opposed to AIA (i.e.
supportive of "considered harmful", since it's
> -Tim
>>
>> > -Original Message-
>> > From: dev-security-policy <
>> dev-security-policy-boun...@lists.mozilla.org>
>> On
>> > Behalf Of Wayne Thayer via dev-security-policy
>> > Sent: Monday, December 2, 2019 3:29 PM
>> >
On Mon, 2 Dec 2019 at 20:28, Wayne Thayer wrote:
> Why not "AIA chasing considered harmful"? The current state of affairs is
> that most browsers [other than Firefox] will go and fetch the intermediate
> if it's not cached. This manifests itself as sites not working in Firefox,
> and users
On Sun, Dec 8, 2019 at 7:14 PM Eric Mill wrote:
> On Thu, Dec 5, 2019 at 12:34 PM Ryan Sleevi via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> From looking at better security, the 'ideal' path is that modern clients
>> are only trusting modern (new) roots, which
On Thu, Dec 5, 2019 at 12:34 PM Ryan Sleevi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> From looking at better security, the 'ideal' path is that modern clients
> are only trusting modern (new) roots, which never issued old crappy certs.
> That is, the path "D -> A
On Thu, Dec 5, 2019 at 10:42 AM Nick Lamb wrote:
> On Wed, 4 Dec 2019 17:12:50 -0500
> Ryan Sleevi via dev-security-policy
> wrote:
>
> > Yes, I am one of the ones who actively disputes the notion that AIA
> > considered harmful.
>
> As not infrequently happens I can't agree with Ryan here. AIA
On Wed, 4 Dec 2019 17:12:50 -0500
Ryan Sleevi via dev-security-policy
wrote:
> Yes, I am one of the ones who actively disputes the notion that AIA
> considered harmful.
As not infrequently happens I can't agree with Ryan here. AIA chasing in
browsers is a non-trivial privacy leak AND doesn't
to be, even among TLS
>> > experts.
>> >
>> > I'm very appreciative of Firefox's efforts in this area. Leveraging the
>> > knowledge of all the publicly disclosed ICAs to improve chain-building
>> is
>> > an
>> > idea whose time has come.
> > > -Original Message-
> > > From: dev-security-policy <
> dev-security-policy-boun...@lists.mozilla.org
> > >
> > On
> > > Behalf Of Wayne Thayer via dev-security-policy
> > > Sent: Monday, December 2, 2019 3:29 PM
> > >
sage-
> > From: dev-security-policy >
> On
> > Behalf Of Wayne Thayer via dev-security-policy
> > Sent: Monday, December 2, 2019 3:29 PM
> > To: Ben Laurie
> > Cc: mozilla-dev-security-policy
> ;
> > Peter Gutmann
> > Subject: Re: [FORGED] Re: How C
Laurie
> Cc: mozilla-dev-security-policy
;
> Peter Gutmann
> Subject: Re: [FORGED] Re: How Certificates are Verified by Firefox
>
> Why not "AIA chasing considered harmful"? The current state of affairs is
that
> most browsers [other than Firefox] will go and fetch
Why not "AIA chasing considered harmful"? The current state of affairs is
that most browsers [other than Firefox] will go and fetch the intermediate
if it's not cached. This manifests itself as sites not working in Firefox,
and users switching to other browsers.
You may be further dismayed to
On Thu, 28 Nov 2019 at 20:22, Peter Gutmann
wrote:
> Ben Laurie via dev-security-policy
> writes:
>
> >In short: caching considered harmful.
>
> Or "cacheing considered necessary to make things work"?
If you happen to visit a bazillion sites a day.
> In particular:
>
> >caching them and
Ben Laurie via dev-security-policy
writes:
>In short: caching considered harmful.
Or "cacheing considered necessary to make things work"? In particular:
>caching them and filling in missing ones means that failure to present
>correct cert chains is common behaviour.
Which came first? Was