...@lists.mozilla.org
Subject: RE: Certificates with metadata-only subject fields
On this particular issue, it's questionable whether these are a violation of
a strict reading of the BRs. Section 7.1.4.2.2(i) defines the OU field.
Section 7.1.4.2.2(j) defines "Any other subject".
Section 7
, 2017 12:24 PM
To: Jeremy Rowley <jeremy.row...@digicert.com>
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Certificates with metadata-only subject fields
Can you provide an example of what you believe is a bigger issue that has been
masked? Otherwise, it sounds like you're
metadata.
From: Ryan Sleevi [mailto:r...@sleevi.com]
Sent: Thursday, August 10, 2017 12:24 PM
To: Jeremy Rowley <jeremy.row...@digicert.com>
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Certificates with metadata-only subject fields
Can you provide an example of wh
to:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla
.org] On Behalf Of Alex Gaynor via dev-security-policy
Sent: Thursday, August 10, 2017 7:20 AM
To: Ryan Sleevi <r...@sleevi.com>
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Certificates with metadata-only
> From: dev-security-policy
> [mailto:dev-security-policy-bounces+jeremy.rowley=
> digicert.com@lists.mozilla
> .org] On Behalf Of David E. Ross via dev-security-policy
> Sent: Wednesday, August 9, 2017 4:35 PM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: R
Of David E. Ross via dev-security-policy
Sent: Wednesday, August 9, 2017 4:35 PM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Certificates with metadata-only subject fields
On 8/9/2017 2:54 PM, Jonathan Rudenberg wrote:
>
>> On Aug 9, 2017, at 17:50, Peter Bowen <pzbo.
As a friend of mine sagely points out, fundamentally the current incentives
for a CA are, "Issuing certs gets us money, not issuing certs does not get
us anything". That's an incentive structure that badly needs correction --
CAs should be accountable for what they issue.
Without speaking to
> On Aug 9, 2017, at 18:34, David E. Ross via dev-security-policy
> wrote:
>
> On 8/9/2017 2:54 PM, Jonathan Rudenberg wrote:
>>
>>> On Aug 9, 2017, at 17:50, Peter Bowen wrote:
>>>
>>> The point of certlint was to help identify
On 8/9/2017 2:54 PM, Jonathan Rudenberg wrote:
>
>> On Aug 9, 2017, at 17:50, Peter Bowen wrote:
>>
>> The point of certlint was to help identify issues. While I appreciate
>> it getting broad usage, I don't think pushing for revocation of every
>> certificate that trips any
> On Aug 9, 2017, at 17:50, Peter Bowen wrote:
>
> The point of certlint was to help identify issues. While I appreciate
> it getting broad usage, I don't think pushing for revocation of every
> certificate that trips any of the Error level checks is productive.
I agree,
lists.mozilla.org]
> On Behalf Of Jonathan Rudenberg via dev-security-policy
> Sent: Wednesday, August 9, 2017 10:08 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Certificates with metadata-only subject fields
>
> Baseline Requirements section 7.1.4.2.2(j)
:08 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Certificates with metadata-only subject fields
Baseline Requirements section 7.1.4.2.2(j) says:
> All other optional attributes, when present within the subject field, MUST
> contain information that has been verified by
Baseline Requirements section 7.1.4.2.2(j) says:
> All other optional attributes, when present within the subject field, MUST
> contain information that has been verified by the CA. Optional attributes
> MUST NOT contain metadata such as ‘.’, ‘‐‘, and ‘ ‘ (i.e. space) characters,
> and/or any
13 matches
Mail list logo