On Tue, Sep 03, 2019 at 06:16:23PM -0700, Kirk Hall via dev-security-policy
wrote:
> However, I did receive authority to post the following statement from
> someone who works for a major browser phishing filter (but without
> disclosing the person's name or company). Here is the authorized
> stat
Dear list,
I have a question about the issuance of the OCSP responder certificates in case
of technically constrained CAs. I apologize for the long introduction, but this
may be an important audit question in the (near) future.
--- BEGIN INTRO ---
I would like to cite five points from the rel
On 2019-09-04 14:14, Matt Palmer wrote:
If EV information is of use in anti-phishing efforts, then it would be best
for the providers of anti-phishing services to team up with CAs to describe
the advantages of continuing to provide an EV certificate. If site owners,
who are presumably smart peo
On Wed, Sep 4, 2019 at 9:47 AM Peter Mate, Erdosi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> My question is the following: is it allowed to issue an OCSP Responder
> certificate with "id-kp-OCSPSigning" EKU from a technically constrained CA
> if the "id-kp-OCSPSignin
I thought that the EKU "id-kp-OCSPSigning" was for the OCSP responder
certificate itself (not the CA that issues the OCSP responder certificate).
I don't think I've encountered a problem before, but I guess it would depend
on the implementation?
-Original Message-
From: dev-security-policy
On Wed, Sep 4, 2019 at 11:06 AM Ben Wilson wrote:
> I thought that the EKU "id-kp-OCSPSigning" was for the OCSP responder
> certificate itself (not the CA that issues the OCSP responder certificate).
> I don't think I've encountered a problem before, but I guess it would
> depend
> on the impleme
On 04/09/2019 17:14, Ryan Sleevi wrote:
> On Wed, Sep 4, 2019 at 11:06 AM Ben Wilson wrote:
>
>> I thought that the EKU "id-kp-OCSPSigning" was for the OCSP responder
>> certificate itself (not the CA that issues the OCSP responder certificate).
>> I don't think I've encountered a problem before,
On Wed, Sep 04, 2019 at 03:50:40PM +0200, Kurt Roeckx via dev-security-policy
wrote:
> On 2019-09-04 14:14, Matt Palmer wrote:
> > If EV information is of use in anti-phishing efforts, then it would be best
> > for the providers of anti-phishing services to team up with CAs to describe
> > the adv
8 matches
Mail list logo