RE: Compliance with 7.1.4.2.1 (internal names revocation)

2017-01-20 Thread Steve Medin
a-dev-security-pol...@lists.mozilla.org > Subject: Re: Compliance with 7.1.4.2.1 (internal names revocation) > > We conducted a search of our databases in September 2016, in which we > examined every CN and SAN in every certificate still valid at the time. Each > CN and SAN was exami

Re: Compliance with 7.1.4.2.1 (internal names revocation)

2017-01-11 Thread Rick Andrews
We conducted a search of our databases in September 2016, in which we examined every CN and SAN in every certificate still valid at the time. Each CN and SAN was examined to see if it contained no dot or an invalid DNS suffix; if so, the certificate was classified as an internal server cert and

Re: Compliance with 7.1.4.2.1 (internal names revocation)

2017-01-09 Thread Rick Andrews
Thanks for finding this, Nick. We're in the process of revoking the cert you found, and searching for any others. We'll get back to you when we're done. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org

RE: Compliance with 7.1.4.2.1 (internal names revocation)

2017-01-09 Thread Robin Alden
ounces+robin=comodo@lists.mozilla.org] On Behalf Of Nick Lamb > Sent: 09 January 2017 16:41 > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Compliance with 7.1.4.2.1 (internal names revocation) > > On Monday, 9 January 2017 14:05:25 UTC, Robin Alden wrote: > >

Re: Compliance with 7.1.4.2.1 (internal names revocation)

2017-01-09 Thread Nick Lamb
On Monday, 9 January 2017 14:05:25 UTC, Robin Alden wrote: > Nick, > Thanks for the heads-up. > We agree that the certificates you found should have been revoked. Thank you Robin for investigating this, for your explanation of what happened and for the sensible response of CT logging and

RE: Compliance with 7.1.4.2.1 (internal names revocation)

2017-01-09 Thread Robin Alden
diligence. Regards Robin Alden Comodo > -Original Message- > From: dev-security-policy On Behalf Of Nick Lamb > Sent: 06 January 2017 09:52 > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Compliance with 7.1.4.2.1 (internal names revocation) > >

Re: Compliance with 7.1.4.2.1 (internal names revocation)

2017-01-08 Thread Nick Lamb
On Saturday, 7 January 2017 23:22:08 UTC, Lewis Resmond wrote: > May I ask a small offtopic question? How did you examine the certificates? Is > there a mechanism where you can get all the *.pem files so you can check them > with a self developed script? Certificate Transparency logs keep

Re: Compliance with 7.1.4.2.1 (internal names revocation)

2017-01-07 Thread Lewis Resmond
May I ask a small offtopic question? How did you examine the certificates? Is there a mechanism where you can get all the *.pem files so you can check them with a self developed script?

Re: Compliance with 7.1.4.2.1 (internal names revocation)

2017-01-07 Thread Nick Lamb
On Saturday, 7 January 2017 09:08:21 UTC, Gervase Markham wrote: > One possibility for the latter two is that Comodo and/or Symantec used > an algorithm for detecting certs with internal names which was "no > dots", which wouldn't have turned these up. .local is clearly a local > domain - RFC

Re: Compliance with 7.1.4.2.1 (internal names revocation)

2017-01-04 Thread Gervase Markham
On 03/01/17 18:11, Nick Lamb wrote: > As mentioned previously I have been working on verifying that CAs > complied with BR 7.1.4.2.1 Thank you for your vigilance :-) > Do we care in m.d.s.policy about such deviations? Or only those which > affect CAs trusted, recently trusted or soon to be