On Monday, September 24, 2018 at 1:09:07 PM UTC-4, Wayne Thayer wrote:
> Good point Nick. Can someone from Identrust provide more details on
> Identrust's use and implementation of validation method 3.2.2.4.10?
[IdenTrust:]We have confirmed in the Jan/2018 CA Communication Survey that this
method
On Tuesday, September 18, 2018 at 8:53:58 PM UTC-4, Wayne Thayer wrote:
> This request is to enable EV treatment for the Identrust Commercial Root CA
> 1 as documented in the following bug:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1339292
>
> * BR Self Assessment is here:
> https://bugzilla.
On Monday, October 15, 2018 at 7:15:26 PM UTC-4, Nick Hatch wrote:
> On February 21 2018, I reported an unexpired certificate to Identrust which
> contained SAN entries for several invalid .INT domains:
>
> https://crt.sh/?id=7852280
>
> They acknowledged and revoked the certificate in a timely
On Tuesday, October 16, 2018 at 7:19:07 PM UTC-4, Matt Palmer wrote:
> On Tue, Oct 16, 2018 at 02:18:39PM -0700, identrust--- via
> dev-security-policy wrote:
> > 5.Explanation about how and why the mistakes were made, and not caught and
> > fixed earlier.
> >
> >
On Wednesday, October 17, 2018 at 2:02:34 PM UTC-4, Jakob Bohm wrote:
> On 17/10/2018 01:18, Matt Palmer wrote:
> > On Tue, Oct 16, 2018 at 02:18:39PM -0700, identrust--- via
> > dev-security-policy wrote:
> >> 5.Explanation about how and why the mistakes were made, and n
On Wednesday, October 17, 2018 at 2:02:34 PM UTC-4, Jakob Bohm wrote:
> On 17/10/2018 01:18, Matt Palmer wrote:
> > On Tue, Oct 16, 2018 at 02:18:39PM -0700, identrust--- via
> > dev-security-policy wrote:
> >> 5.Explanation about how and why the mistakes were made, and n
On Wednesday, October 17, 2018 at 9:08:41 PM UTC-4, Matt Palmer wrote:
> On Wed, Oct 17, 2018 at 03:09:52PM -0700, identrust--- via
> dev-security-policy wrote:
> > On Tuesday, October 16, 2018 at 7:19:07 PM UTC-4, Matt Palmer wrote:
> > > On Tue, Oct 16, 2018 at 02:18:
On Wednesday, October 17, 2018 at 9:08:41 PM UTC-4, Matt Palmer wrote:
> On Wed, Oct 17, 2018 at 03:09:52PM -0700, identrust--- via
> dev-security-policy wrote:
> > On Tuesday, October 16, 2018 at 7:19:07 PM UTC-4, Matt Palmer wrote:
> > > On Tue, Oct 16, 2018 at 02:18:
Wayne
>
> [1]
> https://groups.google.com/d/msg/mozilla.dev.security.policy/00gci6NII9Y/AsQHXkltDgAJ
>
> On Mon, Oct 22, 2018 at 2:14 PM identrust--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > On Wednesday, October 17, 2018 at
On 04/04/2018 we found a discrepancy in the address values for some SSL
certificates. A formal incident Report was just posted:
https://bugzilla.mozilla.org/show_bug.cgi?id=1526099
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.o
On Thursday, February 7, 2019 at 6:47:03 PM UTC-5, iden...@gmail.com wrote:
> On 04/04/2018 we found a discrepancy in the address values for some SSL
> certificates. A formal incident Report was just posted:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1526099
CORRECTION: This issue was found
On Friday, February 8, 2019 at 4:20:14 AM UTC-5, Kurt Roeckx wrote:
> On 2019-02-08 1:04, identr...@gmail.com wrote:
> > On Thursday, February 7, 2019 at 6:47:03 PM UTC-5, iden...@gmail.com wrote:
> >> On 04/04/2018 we found a discrepancy in the address values for some SSL
> >> certificates. A for
On Wednesday, March 13, 2019 at 9:09:35 PM UTC-4, Peter Gutmann wrote:
> Richard Moore via dev-security-policy
> writes:
>
> >If any other CA wants to check theirs before someone else does, then now is
> >surely the time to speak up.
>
> I'd already asked previously whether any CA wanted to ind
On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenberg wrote:
> “IdenTrust ACES CA 2” has issued five certificates with an OCSP responder URL
> that has a HTTPS URI scheme. This is not valid, the OCSP responder URI is
> required to have the plaintext HTTP scheme according to Baseline R
On Tuesday, August 8, 2017 at 12:06:47 PM UTC-4, Jonathan Rudenberg wrote:
> > On Aug 8, 2017, at 10:29, identrust--- via dev-security-policy
> > wrote:
> >
> > On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenberg wrote:
> >> “IdenTrust ACES CA 2”
On Tuesday, August 8, 2017 at 12:06:47 PM UTC-4, Jonathan Rudenberg wrote:
> > On Aug 8, 2017, at 10:29, identrust--- via dev-security-policy
> > wrote:
> >
> > On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenberg wrote:
> >> “IdenTrust ACES CA 2”
On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenberg wrote:
> “IdenTrust ACES CA 2” has issued five certificates with an OCSP responder URL
> that has a HTTPS URI scheme. This is not valid, the OCSP responder URI is
> required to have the plaintext HTTP scheme according to Baseline R
On Wednesday, August 9, 2017 at 11:59:42 PM UTC-4, Lee wrote:
> On 8/9/17, Eric Mill wrote:
> > On Wed, Aug 9, 2017 at 4:28 PM, Lee wrote:
> >
> >> On 8/9/17, Eric Mill via dev-security-policy
> >> wrote:
> >> > On Tue, Aug 8, 2017 at 5:53 PM, iden
On Thursday, August 10, 2017 at 12:23:55 AM UTC-4, Lee wrote:
> What's it going to take for mozilla to set up near real-time
> monitoring/auditing of certs showing up in ct logs?
>
> Lee
>
> On 8/9/17, Alex Gaynor via dev-security-policy
> wrote:
> > (Whoops, accidentally originally CC'd to m.d.
On Thursday, August 10, 2017 at 12:21:18 PM UTC-4, Ryan Sleevi wrote:
> On Thu, Aug 10, 2017 at 11:55 AM, identrust--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > On Thursday, August 10, 2017 at 12:23:55 AM UTC-4, Lee wrote:
> > &g
On Thursday, August 10, 2017 at 11:51:54 PM UTC-4, Eric Mill wrote:
> On Thu, Aug 10, 2017 at 11:34 AM, identrust--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> >
> > We acknowledge seeing this issue and are looking into it.
> > Detai
On Tuesday, August 15, 2017 at 1:51:36 AM UTC-4, Eric Mill wrote:
> On Fri, Aug 11, 2017 at 4:43 PM, identrust--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > On Thursday, August 10, 2017 at 11:51:54 PM UTC-4, Eric Mill wrote:
> > >
On Friday, August 11, 2017 at 6:05:29 PM UTC-4, paul.l...@gmail.com wrote:
> On Friday, August 11, 2017 at 3:43:17 PM UTC-5, iden...@gmail.com wrote:
> > IdenTrust is fully aware of the situation and has consulted with internal
> > and external parties to ensure that our course of action is approp
On Tuesday, August 15, 2017 at 4:42:06 PM UTC-4, Eric Mill wrote:
> On Tue, Aug 15, 2017 at 2:47 PM, identrust--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > We have been moderately successful in replacing the five (5)
> > cert
On Wednesday, August 16, 2017 at 2:06:21 PM UTC-4, Jonathan Rudenberg wrote:
> > On Aug 16, 2017, at 13:44, Jonathan Rudenberg via dev-security-policy
> > wrote:
> >
> > After looking into this more, I’ve found that the majority of certificates
> > issued by the "IdenTrust ACES CA 2” and "IdenT
On Wednesday, August 9, 2017 at 9:53:14 PM UTC-4, Alex Gaynor wrote:
> (Whoops, accidentally originally CC'd to m.d.s originally! Original mail
> was to IdenTrust)
>
> Hi,
>
> The following certificates appear to be misissued:
>
> https://crt.sh/?id=77893170&opt=cablint
> https://crt.sh/?id=7794
On Wednesday, August 16, 2017 at 1:45:12 PM UTC-4, Jonathan Rudenberg wrote:
> > On Aug 16, 2017, at 12:52, Jonathan Rudenberg via dev-security-policy
> > wrote:
> >
> > I looked through the CT logs and found 15 more unexpired unrevoked
> > certificates that are trusted by NSS and appear to hav
On Wednesday, August 16, 2017 at 1:45:12 PM UTC-4, Jonathan Rudenberg wrote:
> > On Aug 16, 2017, at 12:52, Jonathan Rudenberg via dev-security-policy
> > wrote:
> >
> > I looked through the CT logs and found 15 more unexpired unrevoked
> > certificates that are trusted by NSS and appear to hav
On Wednesday, August 16, 2017 at 1:45:12 PM UTC-4, Jonathan Rudenberg wrote:
> > On Aug 16, 2017, at 12:52, Jonathan Rudenberg via dev-security-policy
> > wrote:
> >
> > I looked through the CT logs and found 15 more unexpired unrevoked
> > certificates that are trusted by NSS and appear to hav
On Wednesday, August 16, 2017 at 1:45:12 PM UTC-4, Jonathan Rudenberg wrote:
> > On Aug 16, 2017, at 12:52, Jonathan Rudenberg via dev-security-policy
> > wrote:
> >
> > I looked through the CT logs and found 15 more unexpired unrevoked
> > certificates that are trusted by NSS and appear to hav
On Thursday, August 17, 2017 at 2:35:15 PM UTC-4, Jonathan Rudenberg wrote:
> > On Aug 17, 2017, at 14:24, identrust--- via dev-security-policy
> > wrote:
> >
> > Hello, In reference to 3)"Certificates that appear to be intended as client
> > certificates, b
On Friday, August 18, 2017 at 7:22:06 PM UTC-4, iden...@gmail.com wrote:
> On Thursday, August 17, 2017 at 2:35:15 PM UTC-4, Jonathan Rudenberg wrote:
> > > On Aug 17, 2017, at 14:24, identrust--- via dev-security-policy
> > > wrote:
> > >
> > > Hell
On Tuesday, August 29, 2017 at 12:51:05 PM UTC-4, Ryan Sleevi wrote:
> On Tue, Aug 29, 2017 at 8:47 AM, Paul Kehrer via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> >
> > Symantec / GeoTrust
> >
> > CCADB does not list an email address. Not CC'd.
> >
> > DN: C=IT, O=UniCr
On Tuesday, August 29, 2017 at 9:41:07 AM UTC-4, Paul Kehrer wrote:
> I've recently completed a scan of OCSP responders with a focus on checking
> whether they are compliant with BR section 4.9.10's requirement: "Effective
> 1 August 2013, OCSP responders for CAs which are not Technically
> Constra
On Monday, August 28, 2017 at 3:28:01 PM UTC-4, iden...@gmail.com wrote:
> On Friday, August 18, 2017 at 7:22:06 PM UTC-4, iden...@gmail.com wrote:
> > On Thursday, August 17, 2017 at 2:35:15 PM UTC-4, Jonathan Rudenberg wrote:
> > > > On Aug 17, 2017, at 14:24, identrus
On Thursday, August 31, 2017 at 11:31:48 PM UTC-4, Eric Mill wrote:
> Thank you for the continued updates, and for relaying the deadline by which
> these will be revoked.
>
> On Thu, Aug 31, 2017 at 9:35 PM, identrust--- via dev-security-policy <
> dev-security-policy@lists.
On Friday, September 8, 2017 at 5:57:44 PM UTC-4, Jeremy Rowley wrote:
> Hi Andrew,
>
> I'm not certain how to update the previous Mozilla response with respect to
> CAA, but we added the following as authorized CAA records:
> Digicert.com
> *.digicert
> Digicert.net.jp
> Cybertrust.net.jp
>
> I
On Friday, September 8, 2017 at 3:25:20 PM UTC-4, Andrew Ayer wrote:
> The BRs state:
>
> "Effective as of 8 September 2017, section 4.2 of a CA's Certificate
> Policy and/or Certification Practice Statement (section 4.1 for CAs
> still conforming to RFC 2527) SHALL state the CA's policy or practi
On Friday, September 8, 2017 at 3:25:20 PM UTC-4, Andrew Ayer wrote:
> The BRs state:
>
> "Effective as of 8 September 2017, section 4.2 of a CA's Certificate
> Policy and/or Certification Practice Statement (section 4.1 for CAs
> still conforming to RFC 2527) SHALL state the CA's policy or practi
39 matches
Mail list logo