Re: Talk at FOSDEM

2017-02-09 Thread Martin Heaps via dev-security-policy
Thank you for the link, Gerv. That was a very interesting watch. Curious correlation [post video] between Earnst and Young re:Wosign and Earnst and Young re: CrossCert (although I assume this CrossCert relationship was only forthcoming after your talk). And the gent around the 38

Re: Over 14K 'Let's Encrypt' SSL Certificates Issued To PayPal Phishing Sites

2017-03-27 Thread Martin Heaps via dev-security-policy
This topic is frustrating in that there seems to be a wide attempt by people to use one form of authentication (DV TLS) to verify another form of authentication (EV TLS). There seems an issue for people not being able to understand that a FREE service with a vey low bar in knowledge

Re: Misissued/Suspicious Symantec Certificates

2017-03-01 Thread Martin Heaps via dev-security-policy
On Tuesday, 28 February 2017 17:45:19 UTC, Santhan Raj wrote: > WebTrust for Certification Authorities , SSL > BaselinewithNetwork Security, Version 2.0,available > at > http://www.webtrust.org/homepage‚Äźdocuments/item79806.pdf. 404 - File

Re: Symantec Response L

2017-04-14 Thread Martin Heaps via dev-security-policy
On Tuesday, 11 April 2017 22:09:39 UTC+1, Eric Mill wrote: > On Tue, Apr 11, 2017 at 6:37 AM, Gervase Markham via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > An (interactive) picture might help illustrate what I'm pointing to. This > is the Federal PKI: >

Re: [EXT] Symantec response to Google proposal

2017-06-05 Thread Martin Heaps via dev-security-policy
As an incidental, I am negatively influenced by reading Symantecs response: On Friday, 2 June 2017 16:48:45 UTC+1, Steve Medin wrote: > > https://www.symantec.com/connect/blogs/symantec-s-response-google- > s-subca-proposal > > > > > Our primary objective has always been to minimize any