#2 seems like an obvious "no" to me as, at that point, you're only compounding
a mistake and making that mistake actually usable in the public PKI if you
proceed to issue the certificate. In practice I can't imagine this scenario
coming up much, but the policy shouldn't mandate doing this.
I t
I think (3) shouldn't be considered any different from (1) -- they're only
meaningfully different if you make a lot of assumptions about how it's
stored and transported at every point from when the HSM signs the TBS to
the certificates final resting place (on someone's disk? in their email
inbox? i
That may well be the conclusion, that the benefits of total disclosure outweigh
the costs in this type of scenario. I just wanted to point out that there IS a
cost to at least consider. Yes, the certificate might have been seen in
transmission between the CA and the customer, yes the customer
Deloitte Anjin did the WebTrust audit for South Korea GPKI(Government Public
Key Infrastructure).
they audited two organization "Ministry of the Interior" and "Ministry of the
Education"
buy they did not follow CA/B Forum BR..
they issued certificate without domain validaion. ex) www.testssl.co
On Thu, Apr 5, 2018 at 4:08 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 04/04/2018 16:01, Ryan Sleevi wrote:
>
>> On Tue, Apr 3, 2018 at 11:42 AM, Jakob Bohm via dev-security-policy <
>>
>> dev-security-policy@lists.mozilla.org> wrote:
>>
>> On 03/04
The Korea GPKI MOI CA certificates are in the inclusion process. As I noted
in the bug, I've added information on the reported misissuance and OCSP
errors to the inclusion request and I've noted the concerns raised about
the auditor in their CCADB record.
- Wayne
On Thu, Apr 5, 2018 at 10:03 AM,
On Mon, Apr 2, 2018 at 5:15 PM, Wayne Thayer via dev-security-policy
wrote:
> On Mon, Apr 2, 2018 at 4:36 PM, Jakob Bohm via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>>
>> While Entrust happens to do this, as a relying party, I dislike frequent
>> updates to CP/CPS d
7 matches
Mail list logo