WRT to the deadlines: If the decision is to sync up, I think it's worth noting
that Firefox probably needs to release 2-3 weeks after a Chrome "release date"
to achieve this in practice.
Why? Firefox updates take ~10days from release date to reach previous version
numbers. Chrome _can_ do it
On Wednesday, July 26, 2017 at 12:55:06 AM UTC, David E. Ross wrote:
> Under the Servers tab for Certificate Manager, I see several root
> certificates whose expiration dates have passed. I believe these were
> all marked untrusted at one time. For example, I see six DigiNotar
> certificates,
https://crt.sh/?id=7040227
https://crt.sh/?id=30328289
I am confused for those reasons.
1. the CN of two cerificates are same. So it is not necessary to issue two
certificates in just 2 minutes.
2. second one used SHA1, though is consistent with BR, but first one used
SHA256.
3. first one has
On Tuesday, 1 August 2017 08:39:28 UTC+1, Han Yuwei wrote:
> 1. the CN of two cerificates are same. So it is not necessary to issue two
> certificates in just 2 minutes.
I think the most likely explanation is the difference in signature algorithm,
but it is also not uncommon for subscribers to
On 31/07/17 15:17, Jakob Bohm wrote:
> I am referring to the fact that EV-trust is currently assigned to roots,
> not to SubCAs, at least as far as visible root store descriptions go.
You said the problem was Mozilla-specific; do other root stores not do
it this way?
Gerv
On 28/07/17 07:14, Gervase Markham wrote:
> I would like to make a decision on this matter on or before July 31st,
After listening to the opinions here on m.d.s.p., and consultation
within Mozilla and with our engineering teams, on the matter of when to
distrust various bits of the existing
6 matches
Mail list logo
