Re: DRAFT January 2020 CA Communication

2020-01-21 Thread Kathleen Wilson via dev-security-policy
On 1/7/20 7:00 PM, Wayne Thayer wrote: Please note that the responses for questions 2, 3, and 5 do not yet properly display the date fields that were recently added. This has been fixed, so now the responses to questions 2, 3, and 5 are provided in one report each. Thanks, Kathleen

Re: Entrust-issued certificate with compromised private key.

2020-01-21 Thread Dathan Demone via dev-security-policy
On Tuesday, 21 January 2020 14:07:49 UTC-5, Benjamin Seidenberg wrote: > > One - which appears to remain valid at time of writing - is an OV > > certificate for "routerlogin.com" and variants, which was issued to Netgear > > by Entrust, https://crt.sh/?id=1955992027 > > > > Based on this

Entrust-issued certificate with compromised private key.

2020-01-21 Thread tegeran--- via dev-security-policy
About 24 hours ago, this gist was published to Github: https://gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9 It details two publicly-trusted certificates whose private keys are present in publicly-available Netgear firmware images. One - which appears to remain valid at time of

Re: Entrust-issued certificate with compromised private key.

2020-01-21 Thread Dathan Demone via dev-security-policy
On Tuesday, 21 January 2020 09:43:53 UTC-5, teg...@gmail.com wrote: > About 24 hours ago, this gist was published to Github: > > https://gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9 > > It details two publicly-trusted certificates whose private keys are present > in

Re: Entrust-issued certificate with compromised private key.

2020-01-21 Thread Benjamin Seidenberg via dev-security-policy
> One - which appears to remain valid at time of writing - is an OV certificate > for "routerlogin.com" and variants, which was issued to Netgear by Entrust, > https://crt.sh/?id=1955992027 > Based on this tweet (https://twitter.com/FiloSottile/status/1219147543667453953?s=19) from

Re: Audit Reminder Email Summary

2020-01-21 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject:Summary of January 2020 Audit Reminder Emails Date: Tue, 21 Jan 2020 20:00:22 + (GMT) From: Mozilla CA Program Manager To: kwil...@mozilla.com Mozilla: Audit Reminder CA Owner: Internet Security Research Group (ISRG) Root

Policy Module Ownership

2020-01-21 Thread Wayne Thayer via dev-security-policy
I have decided to leave Mozilla, effective this Friday. I expect Mozilla to hire a replacement, but that will of course take time. In the interim, I will remain the CA Certificate Policy Module Owner and contribute to the best of my ability in a volunteer capacity. Please feel free to contact me

Re: Policy Module Ownership

2020-01-21 Thread Paul Kehrer via dev-security-policy
This is a sad loss for the community, but thank you for everything you've done these past years! -Paul On Wed, Jan 22, 2020 at 6:10 AM Wayne Thayer via dev-security-policy wrote: > > I have decided to leave Mozilla, effective this Friday. > > I expect Mozilla to hire a replacement, but that