Perhaps some explicit statements about sub-CAs would be helpful - detailing
where responsibility lies and how a CA is required to deal with a sub-CA who is
found to have misissued.
___
dev-security-policy mailing list
This one is interesting since the domain name of the CRL resolves to an RFC
1918 IP address. Surely that is a violation of the baseline requirements.
https://crt.sh/?sha256=b82210cde9ddea0e14be29af647e4b32f96ed2a9ef1aa5baa9cc64b38b6c01ca
Regards
Rich.
On Thursday, June 8, 2017 at 12:45:25 AM
On Monday, May 8, 2017 at 1:24:28 PM UTC+1, Gervase Markham wrote:
> I think it might be appropriate to have a further round of questions to
> Symantec from Mozilla, to try and get some clarity on some outstanding
> and concerning issues. Here are some _proposed_ questions; feel free to
> suggest
I suspect many smaller CAs are non-compliant too, for example gandi's CPS
hasn't changed since 2009 according to its changelog.
https://www.gandi.net/static/docs/en/gandi-certification-practice-statement.pdf
Cheers
Rich.
___
dev-security-policy
On Thursday, September 21, 2017 at 10:13:56 AM UTC+1, Rob Stradling wrote:
> Our CPS has now been updated.
Will you be ensuring that CAs like Gandi who are chaining back to your roots
also update their CPS?
Regards
Rich.
___
dev-security-policy
5 matches
Mail list logo