On 09/03/2016 11:02 PM, Percy wrote:
I agree completely that we shouldn't imply fundamental guilt by
association. However, WoSign threatened legal actions against Itzhak
Daniel's disclosure compiled purely from public sources. I just want to
make sure the disclosure was not buried after the
So if I understand correctly, you've published all certificates issued
in 2015 to CT, and any cert with a notBefore of/after July 5th 2016. Is
that correct?
As noted in
https://groups.google.com/d/msg/mozilla.dev.security.policy/Q3zjv95VhXI/p40n2Zv6DAAJ
, this thread has turned up
On Sat, 3 Sep 2016 21:50:51 -0700
Peter Bowen wrote:
> The log entries for the SM2 certificates are
> https://ctlog.wosign.com/ct/v1/get-entries?start=109239=109240;
> crt.sh doesn't have them. The matching serial numbers are
> https://crt.sh/?id=30613201 and
On Sun, Sep 04, 2016 at 02:53:01PM +0200, Kurt Roeckx wrote:
> On Sun, Sep 04, 2016 at 09:49:25AM +, Richard Wang wrote:
> > Hi all,
> >
> > We finished the investigation and released the incidents report today:
> > https://www.wosign.com/report/wosign_incidents_report_09042016.pdf
> >
> >
On Sat, Sep 3, 2016 at 10:11 PM, Richard Wang wrote:
> It is posted, just Peter not find it that I told him the Log id.
Richard,
Thank you for providing the log ids. I am glad to see these are now
logged, but I will point out the log timestamps for these two
certificates
Peter Bowen writes:
>It was brought to my attention that there is another incident.
This is great stuff, it's like watching a rerun of Diginotar. Definitely the
best web soap in the last few weeks...
Peter.
___
Hi all,
We finished the investigation and released the incidents report today:
https://www.wosign.com/report/wosign_incidents_report_09042016.pdf
This report has 20 pages, please let me if you still have any questions, thanks.
This report is just for Incident 0-2, we will release a separate
On 09/02/2016 07:02 PM, Nick Lamb wrote:
On Friday, 2 September 2016 08:50:02 UTC+1, Eddy Nigg wrote:
Lets speak about relying parties - how does this bug affect you?
As a relying party I am entitled to assume that there is no more than one
certificate signed by a particular issuer with a
On Sun, Sep 04, 2016 at 09:49:25AM +, Richard Wang wrote:
> Hi all,
>
> We finished the investigation and released the incidents report today:
> https://www.wosign.com/report/wosign_incidents_report_09042016.pdf
>
> This report has 20 pages, please let me if you still have any questions,
On Sun, Sep 04, 2016 at 12:04:21PM +0300, Eddy Nigg wrote:
> On 09/02/2016 07:02 PM, Nick Lamb wrote:
> > On Friday, 2 September 2016 08:50:02 UTC+1, Eddy Nigg wrote:
> > > Lets speak about relying parties - how does this bug affect you?
> > As a relying party I am entitled to assume that there
On Sun, Sep 04, 2016 at 10:05:11AM +0100, Gijs Kruitbosch wrote:
> So if I understand correctly, you've published all certificates issued in
> 2015 to CT, and any cert with a notBefore of/after July 5th 2016. Is that
> correct?
>
>
> As noted in
>
On Sun, Sep 04, 2016 at 09:49:25AM +, Richard Wang wrote:
> Hi all,
>
> We finished the investigation and released the incidents report today:
> https://www.wosign.com/report/wosign_incidents_report_09042016.pdf
In section 2.2 you explain that there is a mail at 9:01 and 9:38,
where I
12 matches
Mail list logo