Re: Misissued/Suspicious Symantec Certificates

On Wed, Feb 22, 2017 at 8:32 PM, Ryan Sleevi wrote: > Hi Steve, > > Thanks for your continued attention to this matter. Your responses open > many new and important questions and which give serious question as to > whether the proposed remediations are sufficient. To keep this

Re: Misissued/Suspicious Symantec Certificates

"auditing standards that underlie the accepted audit schemes found in Section 8.1" This is obviously a error in the BRs. That language is taken from Section 8.1 and there is no list of schemes in 8.1. 8.4 does have a list of schemes: 1. WebTrust for Certification Authorities v2.0; 2. A national

Re: SHA-1 serverAuth cert issued by Trustis in November 2016

On Fri, 24 Feb 2017 07:08:54 -0800 (PST) "blake.morgan--- via dev-security-policy" wrote: > Trustis has some time ago, migrated all TLS certificate production to > SHA-256 Issuing Authorities. The small number of previously issued > SHA-1 TLS certificates

Re: SHA-1 serverAuth cert issued by Trustis in November 2016

On Monday, February 20, 2017 at 11:50:59 AM UTC, Gervase Markham wrote: > On 16/02/17 18:26, blake.mor...@trustis.com wrote: > > Trustis has now revoked the SHA-1 Certificate for hmrcset.trustis.com > > and replaced it with a SHA-256 Certificate. This status is reflected > > in the latest CRL. >

Re: SHA-1 serverAuth cert issued by Trustis in November 2016

On 24/02/17 07:08, blake.mor...@trustis.com wrote: > Certificates for the HMRC SET Service are issued from the SHA-1 “FPS > TT Issuing Authority”, which is now only used for this service. The > replacement server certificate for hmrcset.trustis.com was issued > from the FPS TT IA, via a manual