On Fri, Feb 24, 2017 at 4:51 PM, Ryan Sleevi wrote:
>
>
> On Wed, Feb 22, 2017 at 8:32 PM, Ryan Sleevi wrote:
>
>> Hi Steve,
>>
>> Thanks for your continued attention to this matter. Your responses open
>> many new and important questions and which give serious
On Monday, February 27, 2017 at 11:04:53 AM UTC-5, Gervase Markham wrote:
> Hi Doug,
>
> On 15/02/17 17:09, Gervase Markham wrote:
> > But currently GlobalSign employees still are?
> >
> > If so, can you help us understand why that's necessary? Given that you
> > control the domains used for
On Tuesday, 28 February 2017 12:29:30 UTC, Itzhak Daniel wrote:
> I also would like to have an official reply from GlobalSign saying that "on
> the date they issue the certificate the domain exists".
Doug/ GlobalSign has responded but I'll mention here that lists of recently
abandoned domain
On Tuesday, 28 February 2017 16:00:47 UTC, Nick Lamb wrote:
> e.g. http://domaingraveyard.com/list/2016-05-10.txt
Typical, I posted that and then I checked from another browser and it now gives
an access error. Anyway, there are others of the same ilk out there, these
names (at least some of
On 27/02/17 21:41, Ryan Sleevi wrote:
> During a past discussion of precertificates, at
> https://groups.google.com/d/msg/mozilla.dev.security.policy/siHOXppxE9k/0PLPVcktBAAJ
> , Mozilla did not discuss whether or not it considered
> precertificates misissuance, although one module peer (hi! it's
On Tuesday, February 28, 2017 at 1:38:25 PM UTC+2, Gervase Markham wrote:
> I think that without more evidence we must assume that GlobalSign
> validated this domain correctly at a time when it existed.
There are many more test*.* domains, non of those (about 10) I checked exist. I
will compose
On 26/02/17 00:50, Itzhak Daniel wrote:
> I talked with Ofer from Incapsula, he said the domain exist at some
> point; Someone have access to domain tools or other tool to verify
> this matter? Based on domaintools I can say the domain did exist but
> I can't tell when it cease to exist.
I think
Ryan H,
On 23/02/17 04:40, Peter Bowen wrote:
> Both Gerv and I posted follow up questions almost two weeks ago. I
> know you have been busy with CT days. When do you expect to have
> answers available?
Ping? :-)
Gerv
___
dev-security-policy
On Tuesday, February 28, 2017 at 7:29:30 AM UTC-5, Itzhak Daniel wrote:
> On Tuesday, February 28, 2017 at 1:38:25 PM UTC+2, Gervase Markham wrote:
> > I think that without more evidence we must assume that GlobalSign
> > validated this domain correctly at a time when it existed.
>
> There are
On Tuesday, February 28, 2017 at 6:00:47 PM UTC+2, Nick Lamb wrote:
> This is useful independent evidence that (at least some of) the names did
> exist at one time.
The problem is that they're "re-keying" certificates for domains that are no
longer in control of their subscribers (as Andrew
On Friday, February 24, 2017 at 5:12:43 PM UTC-8, Peter Bowen wrote:
> "auditing standards that underlie the accepted audit schemes found in
> Section 8.1"
>
> This is obviously a error in the BRs. That language is taken from
> Section 8.1 and there is no list of schemes in 8.1.
>
> 8.4 does
On Tue, Feb 28, 2017 at 8:53 AM, douglas.beattie--- via dev-security-policy
wrote:
>
> Yes, we're working to do just this now.
While that's good and well, I do hope GlobalSign will produce an incident
report regarding this matter, as to how the situation
On Tue, Feb 28, 2017 at 12:02 PM, douglas.beattie--- via
dev-security-policy wrote:
> Ryan,
>
> GlobalSign certificate issuance has been referenced in several different
> threads recently and I think most of them are closed; however, if you feel
>
13 matches
Mail list logo