On Tuesday, December 11, 2018 at 11:27:52 AM UTC-6, Hector Martin 'marcan'
wrote:
> On 12/12/2018 01.47, Ryan Sleevi via dev-security-policy wrote:
> > Is this new from the past discussion?
>
> I think what's new is someone actually tried this, and found 5 CAs that
> are vulnerable and for which
>
> See also the screenshot I posted earlier. That was from a black-market web
> site selling EV certificates to anyone with the stolen credit cards to pay for
> them. These are legit EV certs issued to legit companies, available off the
> shelf for criminals to use. For a little extra payment
On Sunday, August 18, 2019 at 12:15:58 AM UTC-5, Matt Palmer wrote:
> On Fri, Aug 16, 2019 at 10:03:53PM -0700, Leo Grove via dev-security-policy
> wrote:
> > However, as a user I support EV SSL. I personally have never come across
> > a scam site that displayed an EV S
I don't know about other CAs, but at SSL.com we issue a very limited number of
EV SSL certificates in comparison to other certificates so it's not a big
revenue driver.
However, as a user I support EV SSL. I personally have never come across a scam
site that displayed an EV SSL (I'm not saying
>
> There are also opportunities for browsers here. I have to admit I
> primarily use Google Chrome, rather than Firefox, so my observations may be
> a little tainted, but I see various places where signals far more valuable
> than the green lock could be implemented. Consider that most
On Thursday, August 29, 2019 at 5:26:55 PM UTC-5, Kirk Hall wrote:
> On Thursday, August 29, 2019 at 3:10:49 PM UTC-7, Ryan Sleevi wrote:
> > On Thu, Aug 29, 2019 at 5:18 PM Kirk Hall via dev-security-policy <
> > dev-security-policy@lists.mozilla.org> wrote:
> >
> > >
> > > Don't argue with me,
On Thursday, August 22, 2019 at 5:50:35 PM UTC-5, Ronald Crane wrote:
> On 8/22/2019 1:43 PM, kirkhalloregon--- via dev-security-policy wrote:
> > I can tell you that anti-phishing services and browser phishing filters
> > have also have concluded that EV sites are very unlikely to be phishing
>
On Tuesday, October 8, 2019 at 10:36:19 PM UTC-5, Matt Palmer wrote:
> On Tue, Oct 08, 2019 at 07:16:59PM -0700, Paul Walsh via dev-security-policy
> wrote:
> > Why isn’t anyone’s head blowing up over the Let’s Encrypt stats?
>
> Because those stats don't show anything worth blowing up ones head
Congrats Ben! Looking forward to working with you.
Regards,
Leo
On Monday, April 13, 2020 at 1:32:42 PM UTC-5, Ben Wilson wrote:
> Thanks, Kathleen
>
> I'm really excited to begin working with all of you!
>
> Cheers and stay safe,
>
> Ben Wilson
>
> On Mon, Apr 13, 2020 at 11:07 AM Kathleen
9 matches
Mail list logo