Re: Taiwan GRCA Root Renewal Request

On Thursday, December 15, 2016 at 10:56:52 AM UTC-8, Brian Smith wrote: > It is important to fix the DoS issue with the path building when there > are many choices for the same subject. SKI/AKI matching only fixes the > DoS issue for benign cases, not malicious cases. Therefore some way of >

Re: Taiwan GRCA Root Renewal Request

On Tuesday, December 13, 2016 at 2:36:15 PM UTC-8, Kathleen Wilson wrote: > Thanks to all of you who have reviewed and commented on this request from > Government of Taiwan, Government Root Certification Authority (GRCA), to > include their renewed Government Root Certification Authority root >

Re: Issuer field in the CRL should be byte-for-byte equivalent with that in cert

On 02/02/2017 00:46, Kathleen Wilson wrote: All, I've added another Potentially Problematic Practice, as follows. https://wiki.mozilla.org/CA:Problematic_Practices#Issuer_Encoding_in_CRL The encoding of the Issuer field in the CRL should be byte-for-byte equivalent with the encoding of the

Re: Useful Heuristics

Nick Lamb writes: >In practice then I think we should try to ask local experts (ie people at >least resident in the relevant country) when trying to judge whether the >Locality and State elements of a Subject DN are acceptable for identifying >the actual Subject unless it

Re: Issuer field in the CRL should be byte-for-byte equivalent with that in cert

On 03/02/2017 05:22, Ryan Sleevi wrote: On Thu, Feb 2, 2017 at 3:59 PM, Jakob Bohm wrote: On 02/02/2017 00:46, Kathleen Wilson wrote: All, I've added another Potentially Problematic Practice, as follows.

Include Renewed Kamu SM root certificate

This request from the Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM), is to include the “TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1” root certificate, and enable the Websites trust bit. This SHA-256 root certificate will eventually replace the SHA1 “TÜBİTAK UEKAE Kök Sertifika