Your below description raises two questions of general interest (though
not of interest to the Mozilla root program):
1. Will DigiCert establish cross-signatures from the old/historic
Symantec roots to continuing DigiCert roots and subCAs?
2. Will DigiCert continue those Symantec services that
Dear Forum,
since the 07-07-2017, all new issued D-TRUST TLS-Certificates have at least 64
bits of entropy in the serial number.
Since 01-12-2016 D-TRUST TLS certificates requested via our enterprise platform
have a serial number which includes at least 64 bits of entropy. We informed
the CA-
Dear Forum,
since the 07-07-2017, all new issued D-TRUST TLS-Certificates have at least 64
bits of entropy in the serial number.
Since 01-12-2016 D-TRUST TLS certificates requested via our enterprise platform
have a serial number which includes at least 64 bits of entropy. We informed
the CA-Pr
Hi Arno and Martin,
> On Aug 14, 2017, at 11:44, Arno Fiedler wrote:
>
> Dear Forum,
>
> since the 07-07-2017, all new issued D-TRUST TLS-Certificates have at least
> 64 bits of entropy in the serial number.
>
> Since 01-12-2016 D-TRUST TLS certificates requested via our enterprise
> platf
Andrew,
Many thanks for reading and commenting on the policy documents. In
order to clarify and correct the issues which you highlight, new
versions (at version 1.3.2) of both CP and CPS have been published.
A summary of our actions follows. Paragraphs introduced with the text
"" indicate our res
As previously noted on this list, there are two Siemens CAs that have issued
certificates with less than 64 bits of entropy. See
https://misissued.com/batch/6/
The Siemens Issuing CA Internet 2013 is subordinate to a DigiCert-owned
root, and the Siemens Issuing CA Internet 2016 is signed by Quo V
On Mon, 14 Aug 2017 20:27:05 +0100
Neil Dunbar via dev-security-policy
wrote:
> Note that TrustCor is capable of removing SHA-1 as a signature hash on
> OCSP responses, if the community determines it presents risk to the
> relying parties. However, this does raise the risk to some clients
> that
On 11/08/17 16:40, Nick Lamb via dev-security-policy wrote:
On Friday, 11 August 2017 14:19:57 UTC+1, Alex Gaynor wrote:
Given that these were all caught by cablint, has Let's Encrypt considered
integrating it into your issuance pipeline, or automatically monitoring
crt.sh (which runs cablint)
Dear Ryan,
Here is an initial, interim response to your email as it relates to
certificates issued by the TI Trust Technologies Global CA. (Jeremy Rowley or
I will be sending you a separate email shortly that reports on this issue with
regard to Cybertrust Japan.) I will supplement this re
Hey Ryan,
Here's the report from CTJ:
Number of affected certificates:
One. After receiving the revocation request from DigiCert, CTJ scanned their
certificate database for additional certificates. This is the only active
certificate with a reserved IP. CTJ issued the g2-sanfull01.ctjssl.in
Hi Arno, Martin,
On Mon, Aug 14, 2017 at 11:37 AM, Arno Fiedler via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> As result we confirm to do the following steps and report about the
> implementation latest until 15-09-2017
> • Contact all effected customers, inform t
Two intermediates issued by AC Camerfirma that are not disclosed in the CCADB
were logged today:
-
https://crt.sh/?sha256=201c0617cc3310c7f29fcbe46b57459bc6786a8ba2753018eb27c1e800168a2e&opt=mozilladisclosure
(issued on 2017-05-25)
-
https://crt.sh/?sha256=247a6d807ff164031e0eb22ca85de329a3a4e
Hi Jakob,
Your below description raises two questions of general interest (though not of
interest to the Mozilla root program):
1. Will DigiCert establish cross-signatures from the old/historic
Symantec roots to continuing DigiCert roots and subCAs?
[JR] We won’t be cross-signing from Digi
On 14/08/2017 21:48, Andrew Ayer wrote:
On Mon, 14 Aug 2017 20:27:05 +0100
Neil Dunbar via dev-security-policy
wrote:
Note that TrustCor is capable of removing SHA-1 as a signature hash on
OCSP responses, if the community determines it presents risk to the
relying parties. However, this does r
On Fri, Aug 11, 2017 at 4:43 PM, identrust--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Thursday, August 10, 2017 at 11:51:54 PM UTC-4, Eric Mill wrote:
> > On Thu, Aug 10, 2017 at 11:34 AM, identrust--- via dev-security-policy <
> > dev-security-policy@lists.moz
15 matches
Mail list logo