On Tue, Mar 17, 2020 at 03:51:13PM +, Tim Hollebeek wrote:
> For what it's worth, while we generally try to accept any reasonable proof
> of key compromise, we have seen quite a large variety of things sent to
> us. This includes people actually sending us private keys in various
> forms, whic
ssion.
>
> Thanks,
> Corey
>
> -Original Message-
> From: dev-security-policy
> On
> Behalf Of Nick Lamb via dev-security-policy
> Sent: Monday, March 2, 2020 2:35 PM
> To: dev-security-policy@lists.mozilla.org
> Cc: Matt Palmer
> Subject: Re: Acceptable fo
sm.
>
>
>
> Thanks,
>
> Corey
>
>
>
> From: Rob Stradling
> Sent: Monday, March 2, 2020 4:31 PM
> To: Nick Lamb ; mozilla-dev-security-policy <
> mozilla-dev-security-pol...@lists.mozilla.org>; Corey Bonnell <
> cbonn...@securetrust.com>
problem-reporting mechanism as
listed in the CPS.
Thanks,
Corey
From: Rob Stradling
Sent: Monday, March 2, 2020 5:06 PM
To: Corey Bonnell ; Nick Lamb ;
mozilla-dev-security-policy
Cc: Matt Palmer
Subject: Re: Acceptable forms of evidence for key compromise
"As an alternati
L" field to the CCADB?
From: Corey Bonnell
Sent: Monday, March 02, 2020 21:38
To: Rob Stradling; Nick Lamb; mozilla-dev-security-policy
Cc: Matt Palmer
Subject: RE: Acceptable forms of evidence for key compromise
Using ACME as the revocation reporting mechanism
Corey
Bonnell via dev-security-policy <dev-security-policy@lists.mozilla.org>
Sent: 02 March 2020 19:48
To: Nick Lamb <n...@tlrmx.org>;
mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org>
Cc: Matt Palmer <mpal...@hezmat
security-policy
; Corey Bonnell
Cc: Matt Palmer
Subject: Re: Acceptable forms of evidence for key compromise
"I do th
but ISTM that the WebPKI is
kinda stuck with it now (see RFC8555).
From: dev-security-policy on
behalf of Corey Bonnell via dev-security-policy
Sent: 02 March 2020 19:48
To: Nick Lamb ; mozilla-dev-security-policy
Cc: Matt Palmer
Subject: RE: Acceptable forms of
On Mon, Mar 02, 2020 at 07:48:23PM +, Corey Bonnell wrote:
> I do think there's value in developing some standard mechanism to request
> revocation/demonstrate possession of the private key.
Interestingly, there (more-or-less) is one these days, as part of ACME. It
requires the usual amount
On Mon, Mar 02, 2020 at 07:35:06PM +, Nick Lamb wrote:
> On Mon, 2 Mar 2020 13:48:55 +1100
> Matt Palmer via dev-security-policy
> wrote:
> > In my specific case, I've been providing a JWS[1] signed by the
> > compromised private key, and CAs are telling me that they can't (or
> > won't) work
2, 2020 2:35 PM
To: dev-security-policy@lists.mozilla.org
Cc: Matt Palmer
Subject: Re: Acceptable forms of evidence for key compromise
On Mon, 2 Mar 2020 13:48:55 +1100
Matt Palmer via dev-security-policy
wrote:
> In my specific case, I've been providing a JWS[1] signed by the
> co
On Mon, 2 Mar 2020 13:48:55 +1100
Matt Palmer via dev-security-policy
wrote:
> In my specific case, I've been providing a JWS[1] signed by the
> compromised private key, and CAs are telling me that they can't (or
> won't) work with a JWS, and thus no revocation is going to happen.
> Is this a rea
On Mon, Mar 2, 2020 at 2:07 AM Matt Palmer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> > However, I get the feeling that you don't put much stock into incident
> > reports and browsers' dim view of shenanigans. That might be worth expanding
> > upon, if you believe t
On Sun, Mar 01, 2020 at 11:14:12PM -0500, Ryan Sleevi wrote:
> On Sun, Mar 1, 2020 at 9:49 PM Matt Palmer via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> > The BRs, in s4.9.1.1, say:
> >
> > > The CA SHALL revoke a Certificate within 24 hours if one or more of the
> > >
On Sun, Mar 1, 2020 at 9:49 PM Matt Palmer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> The BRs, in s4.9.1.1, say:
>
> > The CA SHALL revoke a Certificate within 24 hours if one or more of the
> > following occurs:
> >
> > [...]
> > 3. The CA obtains evidence that the