Re: Update on transition of the Verizon roots and issuance of SHA1 certificates

2017-01-10 Thread Erwann Abalea
Hello, On Monday 9 January 2017 at 18:02:57 UTC+1, Jeremy Rowley wrote: > Not many websites, but all of the Belgium ID cards would end up being > revoked. Not exactly. The "Belgium Root CAx" CA certificates issued by Cybertrust would be revoked, but since these CAs also have self-signed

RE: Update on transition of the Verizon roots and issuance of SHA1 certificates

2017-01-09 Thread Ben Wilson
I'll go through those in the next day or so and fix the CPS and audit settings. Ben Wilson, JD, CISA, CISSP DigiCert VP Compliance -Original Message- From: dev-security-policy [mailto:dev-security-policy-bounces+ben=digicert@lists.mozilla.org] On Behalf Of Rob Stradling Sent:

RE: Update on transition of the Verizon roots and issuance of SHA1 certificates

2017-01-09 Thread Jeremy Rowley
It probably should not be same as parent. Ben will update it. -Original Message- From: Rob Stradling [mailto:rob.stradl...@comodo.com] Sent: Monday, January 9, 2017 10:02 AM To: Jeremy Rowley ; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Update

Re: Update on transition of the Verizon roots and issuance of SHA1 certificates

2017-01-09 Thread Rob Stradling
On 09/01/17 16:35, Jeremy Rowley wrote: Hi Rob - thanks for following up. The Belgium root was granted an extension by the browsers until January 15th to complete the audit and January 31st to submit the audit report. We are still told they are hosted by Verizon and, considering the audit

RE: Update on transition of the Verizon roots and issuance of SHA1 certificates

2017-01-09 Thread Jeremy Rowley
Not many websites, but all of the Belgium ID cards would end up being revoked. Although Belgium is only issuing client certs, the issuing CA is not technically constrained, meaning a BR, Network security, and standard WebTrust audit is required. We are currently waiting for the results of the

Re: Update on transition of the Verizon roots and issuance of SHA1 certificates

2017-01-09 Thread Kurt Roeckx
On 2017-01-09 17:28, Rob Stradling wrote: On 03/11/16 19:34, Jeremy Rowley wrote: Hi Jeremy. 7. The Belgium government is our biggest challenge in migrating Verizon customers. With over 20 issuing CAs, Belgium has the largest outstanding non-compliant infrastructure. The operators have

RE: Update on transition of the Verizon roots and issuance of SHA1 certificates

2017-01-09 Thread Jeremy Rowley
Hi Rob - thanks for following up. The Belgium root was granted an extension by the browsers until January 15th to complete the audit and January 31st to submit the audit report. We are still told they are hosted by Verizon and, considering the audit progress, I have no reason to doubt this.

Re: Update on transition of the Verizon roots and issuance of SHA1 certificates

2017-01-09 Thread Rob Stradling
On 03/11/16 19:34, Jeremy Rowley wrote: Hi Jeremy. 7. The Belgium government is our biggest challenge in migrating Verizon customers. With over 20 issuing CAs, Belgium has the largest outstanding non-compliant infrastructure. The operators have also claimed that revoking their

Re: Update on transition of the Verizon roots and issuance of SHA1 certificates

2016-11-05 Thread Dimitris Zacharopoulos
This looks like a very accurate representation of the data protection European regulations. I have the same view. Not so easy to implement but if it is implemented correctly, I think very few people will disagree with the essence of this regulation. Dimitris. -- Sent from my mobile device.

Re: Update on transition of the Verizon roots and issuance of SHA1 certificates

2016-11-05 Thread Nick Lamb
On Friday, 4 November 2016 19:37:07 UTC, Jeremy Rowley wrote: > We also like the public disclosures CT requires as it's been essential in > identifying issuing CAs and non-compliances. That's probably not a surprise > as we've always strongly supported CT. I do see the need for name redaction

RE: Update on transition of the Verizon roots and issuance of SHA1 certificates

2016-11-04 Thread Jeremy Rowley
Thanks Peter for the questions. The answers are listed below: First, a couple of questions about DigiCert itself. The press release at https://thomabravo.com/2015/10/22/thoma-bravo-completes-acquisition-of-majority-stake-in-digicert/ says that Thoma Bravo acquired a majority stake in DigiCert

Re: Update on transition of the Verizon roots and issuance of SHA1 certificates

2016-11-04 Thread Gervase Markham
Hi Jeremy, Thanks for posting this. Mozilla had been concerned for some time about the level of BR compliance of the Verizon-controlled PKI and their seeming difficulties in bringing their many sub-CAs into compliance. When DigiCert approached us when researching the potential acquisition, they

RE: Update on transition of the Verizon roots and issuance of SHA1 certificates

2016-11-03 Thread Jeremy Rowley
I'm not sure exactly what you are asking. These sub CAs are cross-signs with other entities. DigiCert controls the root, but not the issuing CAs. Except for the ones I listed, they are all WebTrust or ETSI audited so we trust them. They are primarily government, large corporations, and other

Re: Update on transition of the Verizon roots and issuance of SHA1 certificates

2016-11-03 Thread Peter Bowen
On Thu, Nov 3, 2016 at 11:28 AM, Jeremy Rowley wrote: > This email is intended to gather public and browser feedback on how we are > handling the transitioning Verizon's customers to DigiCert and share with > everyone the plan for when all non-DigiCert hosted sub CAs

Re: Update on transition of the Verizon roots and issuance of SHA1 certificates

2016-11-03 Thread Han Yuwei
On Friday, 4 November 2016 at 3:52:23 AM UTC+8, Jeremy Rowley wrote: > Resent without a signature > > > > Hi everyone, > > > > This email is intended to gather public and browser feedback on how we are > handling the transitioning Verizon's customers to DigiCert and share with > everyone the plan for when

Update on transition of the Verizon roots and issuance of SHA1 certificates

2016-11-03 Thread Jeremy Rowley
Resent without a signature Hi everyone, This email is intended to gather public and browser feedback on how we are handling the transitioning Verizon's customers to DigiCert and share with everyone the plan for when all non-DigiCert hosted sub CAs will be fully compliant with the BRs