Pwn2Own 2016: Chinese Researcher Hacks Google Chrome within 11 minutes
http://www.prnewswire.com/news-releases/pwn2own-2016-chinese-researcher-hacks-google-chrome-within-11-minutes-300237705.html
Best Regards,
Richard
___
dev-security-policy mailing
I'll include Richard Barnes' response to cabfpublic here too, for
completeness:
-- Forwarded message --
From: "Richard Barnes via Public"
Date: Mar 6, 2017 8:58 AM
Subject: Re: [cabfpub] 360 team hacks Chrome
To: "CA/Browser Forum Public Discussion List"
The next stage in the improvement of the Mozilla Root Store Policy is
version 2.4.1. This is version 2.4, but rearranged significantly to have
a more topic-based ordering and structure to it. I have also made
editorial changes to clean up and clarify language, and improved the
Markdown markup.
Sorry, I posted an old news that I just saw it.
Please ignore it.
Best Regards,
Richard
> On 6 Mar 2017, at 21:45, Richard Wang via dev-security-policy
> wrote:
>
> Pwn2Own 2016: Chinese Researcher Hacks Google Chrome within 11 minutes
>
Hi Gerv,
I'm assuming as with previous discussions, you'd like to keep the
discussion on the list.
Overall: I would suggest every "should" be replaced with either a "must" or
a "shall" RFC2119 style, to avoid any "best practice" vs "required mandate"
confusion.
1.1 Scope
Item 2:
Bullet 1:
[Trying to resend without the quoted email to get through the spam filter]
First, let me apologize for the delay in my response, I have had a draft of
this letter in my inbox for a while and have just been unable to get back
to it and finish it due to scheduling conflicts. I promise to address
Ryan,
I appreciate you finally sending responses. I hope you appreciate
that they are clearly not adequate, in my opinion. Please see the
comments inline.
On Mon, Mar 6, 2017 at 6:02 PM, Ryan Hurst wrote:
> First, let me apologize for the delay in my response, I have had a
One more question, in addition to the ones in my prior response:
On Mon, Mar 6, 2017 at 6:02 PM, Ryan Hurst wrote:
> rmh: I just attached two opinion letters from our auditors, I had previously
> provided these to the root programs directly but it took some time to get
>
> Gerv: Which EV OID are you referring to, precisely?
I was referring to the GlobalSign EV Certificate Policy OID
(1.3.6.1.4.1.4146.1.1) but more concretely I meant any and all EV related OIDs,
including the CAB Forum OID of 2.23.140.1.1.
> Gerv: Just to be clear: GlobalSign continues to
9 matches
Mail list logo