Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-02-04 Thread Wayne Thayer via dev-security-policy
While a certain amount of latency in OCSP updates is expected when a certificate is first issued or revoked, KIR intended this to be a permanent "unknown" status for a revoked certificate. My conclusion from this discussion is that such a policy is not permitted, and the existing requirements are

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-02-03 Thread bif via dev-security-policy
On Friday, February 1, 2019 at 11:38:40 PM UTC+1, Kurt Roeckx wrote: > On Fri, Feb 01, 2019 at 03:02:17PM -0700, Wayne Thayer wrote: > > It was pointed out to me that the OCSP status of the misissued certificate > > that is valid for over 5 years is still "unknown" despite having been > > revoked

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-02-02 Thread Dimitris Zacharopoulos via dev-security-policy
kx via dev-security-policy > > Sent: Friday, 1 February 2019 23:38 > > To: Wayne Thayer > > Cc: mozilla-dev-security-policy < > mozilla-dev-security-pol...@lists.mozilla.org> > > Subject: Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations > (KIR) >

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-02-02 Thread Eric Mill via dev-security-policy
Berlin and > Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, > Munich, HRB 6684; WEEE-Reg.-No. DE 23691322 > > > -Original Message- > > From: dev-security-policy > On behalf of Kurt Roeckx via dev-security-policy > > Sent: Friday,

AW: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-02-02 Thread Buschart, Rufus via dev-security-policy
m > Auftrag von Kurt Roeckx via dev-security-policy > Sent: Friday, 1 February 2019 23:38 > To: Wayne Thayer > Cc: mozilla-dev-security-policy > > Subject: Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR) > > On Fri, Feb 01, 2019 at 03:02:

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-02-01 Thread Kurt Roeckx via dev-security-policy
On Fri, Feb 01, 2019 at 03:02:17PM -0700, Wayne Thayer wrote: > It was pointed out to me that the OCSP status of the misissued certificate > that is valid for over 5 years is still "unknown" despite having been > revoked a week ago. I asked KIR about this in the bug [1] and am surprised > by their

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-02-01 Thread Wayne Thayer via dev-security-policy
It was pointed out to me that the OCSP status of the misissued certificate that is valid for over 5 years is still "unknown" despite having been revoked a week ago. I asked KIR about this in the bug [1] and am surprised by their response: This certificate is revoked on CRL. Because the

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-29 Thread Kurt Roeckx via dev-security-policy
On 2019-01-29 1:29, Wayne Thayer wrote: Piotr just filed an incident report on the misissuance that was reported on 18-January: https://bugzilla.mozilla.org/show_bug.cgi?id=1523186 I guess this part is not very clear to me: > We identified and removed from system the registration policy that

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-28 Thread Wayne Thayer via dev-security-policy
Piotr just filed an incident report on the misissuance that was reported on 18-January: https://bugzilla.mozilla.org/show_bug.cgi?id=1523186 The report discloses another misissuance that occurred during testing, resulting in a serverAuth certificate with a duration of over 5 years. On Sun, Jan

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-27 Thread piotr.grabowski--- via dev-security-policy
On Thursday, 17 January 2019 21:12:58 UTC+1, Wayne Thayer wrote: > Hello Piotr, > > On Thu, Jan 17, 2019 at 6:23 AM Grabowski Piotr > wrote: > > > Hello Wayne, > > > > > > > > I am very sorry for the delay. Please find below our answers to Ryan's > > questions. Regarding the

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-21 Thread Jakob Bohm via dev-security-policy
On 18/01/2019 19:21, piotr.grabow...@kir.pl wrote: On Friday, 18 January 2019 18:44:23 UTC+1, Jakob Bohm wrote: On 17/01/2019 21:12, Wayne Thayer wrote: Hello Piotr, On Thu, Jan 17, 2019 at 6:23 AM Grabowski Piotr wrote: Hello Wayne, I am very sorry for the delay.

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-18 Thread piotr.grabowski--- via dev-security-policy
On Thursday, 17 January 2019 21:12:58 UTC+1, Wayne Thayer wrote: > Hello Piotr, > > On Thu, Jan 17, 2019 at 6:23 AM Grabowski Piotr > wrote: > > > Hello Wayne, > > > > > > > > I am very sorry for the delay. Please find below our answers to Ryan's > > questions. Regarding the

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-18 Thread piotr.grabowski--- via dev-security-policy
On Friday, 18 January 2019 18:44:23 UTC+1, Jakob Bohm wrote: > On 17/01/2019 21:12, Wayne Thayer wrote: > > Hello Piotr, > > > > On Thu, Jan 17, 2019 at 6:23 AM Grabowski Piotr > > wrote: > > > >> Hello Wayne, > >> > >> > >> > >> I am very sorry for the delay. Please find

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-18 Thread piotr.grabowski--- via dev-security-policy
On Thursday, 17 January 2019 21:12:58 UTC+1, Wayne Thayer wrote: > Hello Piotr, > > On Thu, Jan 17, 2019 at 6:23 AM Grabowski Piotr > wrote: > > > Hello Wayne, > > > > > > > > I am very sorry for the delay. Please find below our answers to Ryan's > > questions. Regarding the

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-18 Thread Jakob Bohm via dev-security-policy
On 17/01/2019 21:12, Wayne Thayer wrote: Hello Piotr, On Thu, Jan 17, 2019 at 6:23 AM Grabowski Piotr wrote: Hello Wayne, I am very sorry for the delay. Please find below our answers to Ryan's questions. Regarding the question why we didn't report this misissuance of this 1 certificate

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-17 Thread Wayne Thayer via dev-security-policy
Hello Piotr, On Thu, Jan 17, 2019 at 6:23 AM Grabowski Piotr wrote: > Hello Wayne, > > > > I am very sorry for the delay. Please find below our answers to Ryan's > questions. Regarding the question why we didn't report this misissuance > of this 1 certificate as separate incident in my opinion

RE: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-17 Thread Grabowski Piotr via dev-security-policy
. Pileckiego 65 02-781 Warszawa Tel. +48 22 545 56 76 Tel. +48 507 024 083 From: Wayne Thayer Sent: Thursday, January 17, 2019 12:55 AM To: Ryan Sleevi Cc: Grabowski Piotr ; mozilla-dev-security-policy Subject: Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR) Piotr, I

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-16 Thread Wayne Thayer via dev-security-policy
pressure on Verizon to deliver: >> >> o Policy field size validation – in our opinion it is simple change >> request and should be delivered ASAP. >> >> o native x509lint or zlint feature >> >> >> >> >> >> Piotr Grabowski >>

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-11 Thread Ryan Sleevi via dev-security-policy
Grabowski > Linia biznesowa podpis elektroniczny > Krajowa Izba Rozliczeniowa S.A. > ul. rtm. W. Pileckiego 65 > 02-781 Warszawa > > Tel. +48 22 545 56 76 > > Tel. +48 507 024 083 > > > > *From:* Wayne Thayer > *Sent:* Wednesday, January 09, 2019 9:52 PM >

RE: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-11 Thread Grabowski Piotr via dev-security-policy
6 Tel. +48 507 024 083 From: Wayne Thayer Sent: Wednesday, January 09, 2019 9:52 PM To: Grabowski Piotr Cc: r...@sleevi.com; mozilla-dev-security-policy Subject: Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR) KIR recently misissued another (pre-)certificate with an organi

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-09 Thread Wayne Thayer via dev-security-policy
18 at 8:16 AM Grabowski Piotr wrote: > Hello, > > My comments in blue. > > > -- > *From:* Ryan Sleevi > *Sent:* Thursday, 11 October 2018 04:53 > *To:* Grabowski Piotr > *Cc:* Wayne Thayer; mozilla-dev-security-policy > *Tem

Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2018-10-12 Thread Grabowski Piotr via dev-security-policy
Hello, My comments in blue. From: Ryan Sleevi Sent: Thursday, 11 October 2018 04:53 To: Grabowski Piotr Cc: Wayne Thayer; mozilla-dev-security-policy Subject: Re: Odp.: Odp.: 46 Certificates issued with BR violations (KIR) On Wed, Oct 10, 2018 at 4:33 PM

Re: Odp.: 46 Certificates issued with BR violations (KIR)

2018-10-10 Thread Ryan Sleevi via dev-security-policy
On Wed, Oct 10, 2018 at 4:58 PM Grabowski Piotr wrote: > Hello Ryan, > > > In the design of this template, one of the concerns was about > understanding *how* a problem happened, not just how a CA responded. This > is why it includes text such as "This may include events before the > incident

Re: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2018-10-10 Thread Ryan Sleevi via dev-security-policy
On Wed, Oct 10, 2018 at 4:33 PM Grabowski Piotr via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Hello Wayne, > > - Is the new dual control process documented in a manner that will be > auditable by your external auditors? > > Yes, the new dual control process is

Odp.: 46 Certificates issued with BR violations (KIR)

2018-10-10 Thread Grabowski Piotr via dev-security-policy
Hello Ryan, In the design of this template, one of the concerns was about understanding *how* a problem happened, not just how a CA responded. This is why it includes text such as "This may include events before the incident was reported, such as when a particular requirement became

Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2018-10-10 Thread Grabowski Piotr via dev-security-policy
2018 23:45:39 To: Grabowski Piotr Cc: mozilla-dev-security-policy Subject: Re: Odp.: 46 Certificates issued with BR violations (KIR) On Tue, Oct 9, 2018 at 5:30 AM Grabowski Piotr <piotr.grabow...@kir.pl> wrote: Hello Wayne, Please find our comments below: So far the process for

Re: Odp.: 46 Certificates issued with BR violations (KIR)

2018-10-09 Thread Wayne Thayer via dev-security-policy
On Tue, Oct 9, 2018 at 5:30 AM Grabowski Piotr wrote: > Hello Wayne, > > Please find our comments below: > > > So far the process for modifying policy templates was controlled by only > one person at the moment. Although these persons > have an extensive experience in PKI and preparing

Odp.: 46 Certificates issued with BR violations (KIR)

2018-10-09 Thread Grabowski Piotr via dev-security-policy
Hello Wayne, Please find our comments below: So far the process for modifying policy templates was controlled by only one person at the moment. Although these persons have an extensive experience in PKI and preparing certificate templates and in common daily duties they work with several