Hi Blake,
On 21/04/17 16:55, blake.mor...@trustis.com wrote:
> Following further discussion with, and guidance from Mozilla, it has
> been determined that the getset.trustis.com certificate issued in
> November 2016 was a mis-issuance. This incident has highlighted an
> ambiguity arising from the
On Thursday, March 16, 2017 at 11:00:51 AM UTC, Gervase Markham wrote:
> Hi Blake,
>
> On 02/03/17 16:26, blake morgan wrote:
> > We have engaged with our external auditors in relation to this and the
> > previous certificate that was reported. Once that activity has concluded we
> > will be pro
On 12/04/17 21:39, uri...@gmail.com wrote:
> Is there an expectation of a resolution of some sort to this matter?
> Also, their most recent audit is apparently overdue (perhaps related to the
> SHA-1 mis-issuance?)
>
> https://groups.google.com/d/msg/mozilla.dev.security.policy/IjgFwzGI_H0/-689uF
Is there an expectation of a resolution of some sort to this matter?
Also, their most recent audit is apparently overdue (perhaps related to the
SHA-1 mis-issuance?)
https://groups.google.com/d/msg/mozilla.dev.security.policy/IjgFwzGI_H0/-689uFoXBwAJ
On Thursday, March 16, 2017 at 7:00:51 AM UT
Hi Blake,
On 02/03/17 16:26, blake.mor...@trustis.com wrote:
> We have engaged with our external auditors in relation to this and the
> previous certificate that was reported. Once that activity has concluded we
> will be providing further information.
Do you have an ETA for this incident repor
On Friday, February 24, 2017 at 11:25:22 PM UTC, Gervase Markham wrote:
> On 24/02/17 08:25, Andrew Ayer wrote:
> > Below is an unrevoked SHA-1 serverAuth certificate for
> > getset.trustis.com issued from this CA with a Not Before date of
> > 2016-11-07.
>
> Blake: you wrote: "As part of the inci
On 24/02/17 08:25, Andrew Ayer wrote:
> Below is an unrevoked SHA-1 serverAuth certificate for
> getset.trustis.com issued from this CA with a Not Before date of
> 2016-11-07.
Blake: you wrote: "As part of the incident handling procedure, Trustis’
security management committee, commissioned a full
On 24/02/17 07:08, blake.mor...@trustis.com wrote:
> Certificates for the HMRC SET Service are issued from the SHA-1 “FPS
> TT Issuing Authority”, which is now only used for this service. The
> replacement server certificate for hmrcset.trustis.com was issued
> from the FPS TT IA, via a manual pro
On Fri, 24 Feb 2017 08:25:25 -0800
Andrew Ayer via dev-security-policy
wrote:
> On Fri, 24 Feb 2017 07:08:54 -0800 (PST)
> "blake.morgan--- via dev-security-policy"
> wrote:
>
> > Trustis has some time ago, migrated all TLS certificate production
> > to SHA-256 Issuing Authorities. The small n
On Fri, 24 Feb 2017 07:08:54 -0800 (PST)
"blake.morgan--- via dev-security-policy"
wrote:
> Trustis has some time ago, migrated all TLS certificate production to
> SHA-256 Issuing Authorities. The small number of previously issued
> SHA-1 TLS certificates issued from “FPS TT”, that had lifetimes
On Monday, February 20, 2017 at 11:50:59 AM UTC, Gervase Markham wrote:
> On 16/02/17 18:26, blake.mor...@trustis.com wrote:
> > Trustis has now revoked the SHA-1 Certificate for hmrcset.trustis.com
> > and replaced it with a SHA-256 Certificate. This status is reflected
> > in the latest CRL.
>
On 16/02/17 18:26, blake.mor...@trustis.com wrote:
> Trustis has now revoked the SHA-1 Certificate for hmrcset.trustis.com
> and replaced it with a SHA-256 Certificate. This status is reflected
> in the latest CRL.
Hi Blake,
We are pleased to hear that, but the detail of your report compares
som
On Thu, Feb 16, 2017 at 8:26 PM, blake.morgan--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
>
> Trustis has now revoked the SHA-1 Certificate for hmrcset.trustis.com and
> replaced it with a SHA-256 Certificate. This status is reflected in the
> latest CRL.
>
Blake,
On Wednesday, February 15, 2017 at 10:02:50 PM UTC, Rob Stradling wrote:
> This currently unrevoked cert has a SHA-1/RSA signature, the serverAuth
> EKU and CN=hmrcset.trustis.com:
> https://crt.sh/?id=50773741&opt=cablint
>
> It lacks the SAN extension, but that doesn't excuse it from the ban on
Richard Wang via dev-security-policy
writes:
>Check the SSL Labs test:
>https://www.ssllabs.com/ssltest/analyze.html?d=hmrcset.trustis.com, rate F
>that even enabled SSL v2.
Wow, no TLS 1.1 or 1.2, but in its place SSLv2 and v3. Another CA that's so
secure in the fact that it's a legislated ma
Check the SSL Labs test:
https://www.ssllabs.com/ssltest/analyze.html?d=hmrcset.trustis.com, rate F that
even enabled SSL v2.
Best Regards,
Richard
On 16 Feb 2017, at 19:04, Nick Lamb via dev-security-policy
<dev-security-policy@lists.mozilla.org>
wrote:
On Wednesday, 15 February 20
On Wednesday, 15 February 2017 22:02:50 UTC, Rob Stradling wrote:
> This currently unrevoked cert has a SHA-1/RSA signature, the serverAuth
> EKU and CN=hmrcset.trustis.com:
> https://crt.sh/?id=50773741&opt=cablint
>
> It lacks the SAN extension, but that doesn't excuse it from the ban on
> SH
This currently unrevoked cert has a SHA-1/RSA signature, the serverAuth
EKU and CN=hmrcset.trustis.com:
https://crt.sh/?id=50773741&opt=cablint
It lacks the SAN extension, but that doesn't excuse it from the ban on
SHA-1!
Its issuer is trusted for serverAuth by Mozilla:
https://crt.sh/?caid=9