On Wednesday, 24 January 2018 06:55:55 UTC+8, Jonathan Rudenberg wrote:
> A certificate issued by GlobalSign showed up in CT today with a notBefore
> date of March 21, 2018 and a notAfter date of April 23, 2021, a validity
> period of ~1129 days (more than three years).
>
>
On 24/01/18 18:02, Doug Beattie wrote:
> Can we consider this case closed with the action that the VWG will
> propose a ballot that addresses pre and postdating certificates?
Yes. I don't believe anyone has suggested that Globalsign broke a formal
rule, either in the BRs or Mozilla's
...@lists.mozilla.org
> Subject: Re: GlobalSign certificate with far-future notBefore
>
> Please also consider the practice of having an off-line CA (typically a
> root) pre-issue CRLs, OCSP responses, intermediary CAs and OCSP responder
> certificates for the period un
eattie <doug.beat...@globalsign.com>; mozilla-dev-security-
pol...@lists.mozilla.org
Subject: Re: GlobalSign certificate with far-future notBefore
Hi Doug,
Thanks for the quick response.
On 24/01/18 11:52, Doug Beattie wrote:
In the case below, the customer ordered a 39 month certifi
ling
> <rob.stradl...@comodo.com>; Jonathan Rudenberg
> <jonat...@titanous.com>; mozilla-dev-security-policy
pol...@lists.mozilla.org>
> Subject: RE: GlobalSign certificate with far-future notBefore
>
> Can we consider this case closed with the action that the VWG will prop
On Behalf Of Tim
> Hollebeek via dev-security-policy
> Sent: Wednesday, January 24, 2018 11:49 AM
> To: Rob Stradling <rob.stradl...@comodo.com>; Jonathan Rudenberg
> <jonat...@titanous.com>; mozilla-dev-security-policy pol...@lists.mozilla.org>
> Subject: RE: GlobalSig
> > This incident makes me think that two changes should be made:
> >
> > 1) The Root Store Policy should explicitly ban forward and back-dating
the
> notBefore date.
>
> I think it would be reasonable and sensible to permit back-dating insofar
as it is
> deemed necessary to accommodate
nobody@nowhere.invalid>; mozilla-dev-security-
> > pol...@lists.mozilla.org
> > Subject: Re: GlobalSign certificate with far-future notBefore
> >
> > On 24/01/18 04:57, David E. Ross wrote:
> > > I am not sure about prohibiting forward-dating the notBefore date.
gt; > To: Doug Beattie <doug.beat...@globalsign.com>; mozilla-dev-security-
> > pol...@lists.mozilla.org
> > Subject: Re: GlobalSign certificate with far-future notBefore
> >
> > Hi Doug,
> >
> > Thanks for the quick response.
> >
> > On 24/01/18 11:52
> -Original Message-
> From: Gervase Markham [mailto:g...@mozilla.org]
> Sent: Wednesday, January 24, 2018 7:00 AM
> To: Doug Beattie <doug.beat...@globalsign.com>; mozilla-dev-security-
> pol...@lists.mozilla.org
> Subject: Re: GlobalSign certificate with far-
Hi Doug,
Thanks for the quick response.
On 24/01/18 11:52, Doug Beattie wrote:
> In the case below, the customer ordered a 39 month certificate and
> set the notBefore date for 2 months into the future.
Momentary 2017/2018 confusion in my brain had me thinking that this was
further into the
rvase
> Markham via dev-security-policy
> Sent: Wednesday, January 24, 2018 5:05 AM
> To: David E. Ross <nobody@nowhere.invalid>; mozilla-dev-security-
> pol...@lists.mozilla.org
> Subject: Re: GlobalSign certificate with far-future notBefore
>
> On 24/01/18 04:57, David
On 23/01/18 22:55, Jonathan Rudenberg via dev-security-policy wrote:
https://wiki.mozilla.org/CA/Forbidden_or_Problematic_Practices#Backdating_the_notBefore_Date
This incident makes me think that two changes should be made:
1) The Root Store Policy should explicitly ban forward and
On 24/01/18 04:57, David E. Ross wrote:
> I am not sure about prohibiting forward-dating the notBefore date. I
> can picture a situation where an existing site certificate is going to
> expire. The site's administration decides to obtain a new certificate
> from a different certification
Hi Jonathan,
On 23/01/18 22:55, Jonathan Rudenberg wrote:
> A certificate issued by GlobalSign showed up in CT today with a notBefore
> date of March 21, 2018 and a notAfter date of April 23, 2021, a validity
> period of ~1129 days (more than three years).
Thank you for pointing this out. This
On 1/23/2018 2:55 PM, Jonathan Rudenberg wrote:
> A certificate issued by GlobalSign showed up in CT today with a notBefore
> date of March 21, 2018 and a notAfter date of April 23, 2021, a validity
> period of ~1129 days (more than three years).
>
> https://crt.sh/?id=311477948=zlint
>
> CA/B
16 matches
Mail list logo