Re: New undisclosed intermediates

2017-06-12 Thread Rob Stradling via dev-security-policy
On 08/06/17 14:15, Rob Stradling via dev-security-policy wrote: On 08/06/17 13:24, Kurt Roeckx via dev-security-policy wrote: On 2017-06-08 14:16, Rob Stradling wrote: crt.sh collates revocation information from all known CRL Distribution Point URLs for each CA. The CDP URLs listed at

Re: New undisclosed intermediates

2017-06-12 Thread Jonathan Rudenberg via dev-security-policy
> On Jun 8, 2017, at 05:17, Gervase Markham via dev-security-policy > wrote: > > On 08/06/17 00:42, Jonathan Rudenberg wrote: >> Yet another batch of undisclosed intermediates has shown up in CT: > > Like, seriously? Another one appeared this weekend:

RE: [EXT] Mozilla requirements of Symantec

2017-06-12 Thread Steve Medin via dev-security-policy
> -Original Message- > From: Gervase Markham [mailto:g...@mozilla.org] > Sent: Wednesday, June 07, 2017 2:51 PM > To: Steve Medin ; mozilla-dev-security- > pol...@lists.mozilla.org > Cc: Kathleen Wilson > Subject: [EXT] Mozilla requirements

Re: [EXT] Mozilla requirements of Symantec

2017-06-12 Thread Nick Lamb via dev-security-policy
On Monday, 12 June 2017 17:31:58 UTC+1, Steve Medin wrote: > We think it is critically important to distinguish potential removal of > support for current roots in Firefox versus across NSS. Limiting Firefox > trust to a subset of roots while leaving NSS unchanged would avoid > unintentionally

Re: New undisclosed intermediates

2017-06-12 Thread Ángel via dev-security-policy
On 2017-06-08 at 04:31 -0700, richmoore44--- via dev-security-policy wrote: > This one is interesting since the domain name of the CRL resolves to an RFC > 1918 IP address. Surely that is a violation of the baseline requirements. > >