Am Montag, 19. Juni 2017 21:15:09 UTC+2 schrieb Kathleen Wilson:
> I just filed https://bugzilla.mozilla.org/show_bug.cgi?id=1374381 about an
> audit statement that I received for SwissSign. I have copied the bug
> description below, because I am concerned that there still may be ETSI
>
gt; On 06/09/17 20:38, cornelia.enke66--- via dev-security-policy wrote:
> > SwissSign has identified the following incident:
> > two Certificate signed with SHA1: Violation BR 7.3.1
> >
> > 1)
> > During an internal audit on 05.09.2017 we found out that there are two
Am Mittwoch, 6. September 2017 22:38:35 UTC+2 schrieb Nick Lamb:
> Thanks for writing this incident report.
>
> The latter of the two certificates was issued after popular web browsers had
> ceased accepting SHA-1 as far as I understand it. As a result it seems likely
> that it would not have
Am Montag, 11. September 2017 12:38:38 UTC+2 schrieb Gervase Markham:
> Hi Connie,
>
> On 06/09/17 20:38, cornelia.enk...@gmail.com wrote:
> > SwissSign has identified the following incident:
> > two Certificate signed with SHA1: Violation BR 7.3.1
>
> Thank you for this report. There have been
SwissSign has identified the following incident:
two Certificate signed with SHA1: Violation BR 7.3.1
1)
During an internal audit on 05.09.2017 we found out that there are two
certificates issued after 16.01.2015 and signed with a SHA1 hash.
After the discovery of two certificates, the
Am Dienstag, 12. Dezember 2017 11:10:00 UTC+1 schrieb cornel...@swisssign.com:
> 1)How your CA first became aware of the problem (e.g. via a problem report
> submitted to your Problem Reporting Mechanism, a discussion in
> mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and
I have to correct one thing:
7)
The implemented controls detected the misconfiguration, when we detectetd the
misconfiguration the report was given within 24 hours.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
7 matches
Mail list logo
