Re: GoDaddy Misissuance Action Items

Gervase Markham via dev-security-policy schrieb: > 1) As with all CAs, update all their domain validation code to use one > of the 10 approved methods; I'm probably confused regarding BRs pre/post Ballot 181: Aren't there only 4 methods per Ballot 181? Jürgen

Re: question about DNS CAA and S/MIME certificates

Ryan Sleevi via dev-security-policy wrote on 14.05.2018 20:52: And that still moves to an 'insecure-by-default', by making every site operator that has taken steps to actually restrict issuance not have those wishes respected. Today, site operators have taken steps to secure issuance of server

Re: question about DNS CAA and S/MIME certificates

Am 15.05.2018 um 15:01 schrieb Ryan Sleevi: On Tue, May 15, 2018 at 3:53 AM Jürgen Brauckmann wrote: Today, site operators have taken steps to secure issuance of server certificates, following the guidance of the BRs. Email certificates are a different use case with

Re: Policy 2.6 Proposal: Add prohibition on CA key generation to policy

Am 10.04.2018 um 01:10 schrieb Wayne Thayer via dev-security-policy: Getting back to the earlier question about email certificates, I am now of the opinion that we should limit the scope of this policy update to TLS certificates. The current language for email certificates isn't clear and any

Incident Report DFN-PKI: Non-IDNA2003 encoded international domain names

We received a report about non-idna2003 encoded international domain names. 4 certificates were affected and are revoked by now. Details can be found here: https://bugzilla.mozilla.org/show_bug.cgi?id=1522080 Please also take note of the ongoing discussion regarding this topic in the CA/B

Incident report DFN-PKI: 40 OV certificates with wrong ST

From 2018-10-17 to 2019-03-06, DFN-PKI issued 40 certificates with wrong ST-Field. 35 server certificates, 5 user certificates. Details can be found here: https://bugzilla.mozilla.org/show_bug.cgi?id=1534580 Thanks, Jürgen ___