On Fri, Apr 28, 2017 at 4:16 AM, Richard Wang via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> This Google decision’s problem is some big websites used a domain that not
> listed in Alexa 1M suffered disruption, for example, Qihoo 360’s search
> site and online gaming
"Incomplete understanding"? That's rich.There is no reliance on certs as a protection mechanism. Rather, the use of certs/encryption help to facilitate my bad acts. If I'm doing malvertising I basically must use
On Friday, April 28, 2017 at 1:19:01 AM UTC-7, Richard Wang wrote:
> Hi Ryan,
>
>
>
> For your question “Do you believe that, during the discussions about how to
> respond to WoSign's issues, the scope of impact was underestimated?”, the
> answer is YES.
>
>
>
> After Oct 21 2016, WoSign
I'll be the first to admit that the example I put together is far from ideal. Perhaps a shortcoming is the lack of any explicit mention regarding the knowledge, skill, competence, etc. of the cert requester--or
On Fri, Apr 28, 2017 at 9:48 AM, Peter Kurrasch wrote:
>
> Suppose I want to set up a system to be used for spam, malware
> distribution, and phishing but, naturally, I want to operate undetected.
> First step is to find a (legitimate) server that is already set up and is
> not
Richard,
Did you communicate to your customers over the last 6 months that their
existing certificates may become distrusted? Or did they find out when their
sites stopped working in Chrome?
On Friday, April 28, 2017 at 4:19:01 AM UTC-4, Richard Wang wrote:
> Hi Ryan,
>
>
>
> For your
Hi Ryan,
For your question “Do you believe that, during the discussions about how to
respond to WoSign's issues, the scope of impact was underestimated?”, the
answer is YES.
After Oct 21 2016, WoSign stopped to issue SSL certificates from WoSign root
(to be exactly, maybe few in October,
If the Nets Norway intermediate is technically constrained only to
domains that Nets Norway own or control, I have no problem with leaving
it active.
Gerv
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
8 matches
Mail list logo