Re: Miss-issuance: URI in dNSName SAN

2017-08-17 Thread Jonathan Rudenberg via dev-security-policy
> On Aug 17, 2017, at 07:19, ramirommunoz--- via dev-security-policy > wrote: > > https://crt.sh/?id=112929021=cablint > is a precertificate. You can see the CT Precertificate Poison critical > extention. The serial number of this certificate should

Re: Miss-issuance: URI in dNSName SAN

2017-08-17 Thread ramirommunoz--- via dev-security-policy
El jueves, 17 de agosto de 2017, 12:26:05 (UTC+2), ramiro...@gmail.com escribió: > El martes, 15 de agosto de 2017, 15:13:04 (UTC+2), Gervase Markham escribió: > > On 08/08/17 14:33, Alex Gaynor wrote: > > > Following up on this thread, 8 days ago I emailed Camerfirma, I have not > > > heard

Re: Miss-issuance: URI in dNSName SAN

2017-08-17 Thread ramirommunoz--- via dev-security-policy
El martes, 15 de agosto de 2017, 15:13:04 (UTC+2), Gervase Markham escribió: > On 08/08/17 14:33, Alex Gaynor wrote: > > Following up on this thread, 8 days ago I emailed Camerfirma, I have not > > heard back from them, nor have they taken any action. What is the > > appropriate next step here? >

Re: Miss-issuance: URI in dNSName SAN

2017-08-15 Thread Gervase Markham via dev-security-policy
On 08/08/17 14:33, Alex Gaynor wrote: > Following up on this thread, 8 days ago I emailed Camerfirma, I have not > heard back from them, nor have they taken any action. What is the > appropriate next step here? I have emailed the primary Point of Contact at Camerfirma to enquire as to what is

Re: Miss-issuance: URI in dNSName SAN

2017-08-15 Thread Gervase Markham via dev-security-policy
On 31/07/17 15:14, Alex Gaynor wrote: > So far I've encountered issues with: > > - DocuSign (OpenTrust/Keynectis) - who neglected to fill out that field > - StartCom - who filled out "web publication", I don't know what that means I have emailed both of these CAs to request that they provide

Re: Miss-issuance: URI in dNSName SAN

2017-08-08 Thread Alex Gaynor via dev-security-policy
Hi all, Following up on this thread, 8 days ago I emailed Camerfirma, I have not heard back from them, nor have they taken any action. What is the appropriate next step here? Alex On Mon, Jul 31, 2017 at 10:14 AM, Alex Gaynor wrote: > I've been attempting to report a

Re: Miss-issuance: URI in dNSName SAN

2017-07-31 Thread Gervase Markham via dev-security-policy
On 25/07/17 18:13, Jeremy Rowley wrote: > I would also love to see a more standardized notice mechanism that is > universal to all CAs. Right now, notifying CAs is a pain as some have > different webforms, some use email, and some don't readily tell you how to > contact them about certificate

RE: Miss-issuance: URI in dNSName SAN

2017-07-25 Thread Jeremy Rowley via dev-security-policy
+jeremy.rowley=digicert.com@lists.mozilla .org] On Behalf Of Alex Gaynor via dev-security-policy Sent: Tuesday, July 25, 2017 10:58 AM To: Alex Gaynor <alex.gay...@gmail.com> Cc: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Miss-issuance: URI in dNSName SAN Following up on this (and

Re: Miss-issuance: URI in dNSName SAN

2017-07-25 Thread Kurt Roeckx via dev-security-policy
On Tue, Jul 25, 2017 at 12:57:44PM -0400, Alex Gaynor via dev-security-policy wrote: > Following up on this (and really several other threads). The BRs require > mis-issued certs to be revoked with 24 hours of the CA becoming aware. CAs > are required to track m.d.s.p. per the Mozilla Root

Re: Miss-issuance: URI in dNSName SAN

2017-07-25 Thread Alex Gaynor via dev-security-policy
Following up on this (and really several other threads). The BRs require mis-issued certs to be revoked with 24 hours of the CA becoming aware. CAs are required to track m.d.s.p. per the Mozilla Root Policy, so really notifying this list _ought_ to qualify as notifying the CAs. In any event, here

Re: Miss-issuance: URI in dNSName SAN

2017-07-22 Thread Ryan Sleevi via dev-security-policy
On Fri, Jul 21, 2017 at 4:04 AM ramirommunoz--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > El jueves, 20 de julio de 2017, 16:49:15 (UTC+2), Gervase Markham > escribió: > > On 19/07/17 14:53, Alex Gaynor wrote: > > > I'd like to report the following instance of

Re: Miss-issuance: URI in dNSName SAN

2017-07-22 Thread ramirommunoz--- via dev-security-policy
El jueves, 20 de julio de 2017, 16:49:15 (UTC+2), Gervase Markham escribió: > On 19/07/17 14:53, Alex Gaynor wrote: > > I'd like to report the following instance of miss-issuance: > > Thank you. Again, I have drawn this message to the attention of the CAs > concerned (Government of Venezuela and

Re: Miss-issuance: URI in dNSName SAN

2017-07-20 Thread Gervase Markham via dev-security-policy
On 19/07/17 14:53, Alex Gaynor wrote: > I'd like to report the following instance of miss-issuance: Thank you. Again, I have drawn this message to the attention of the CAs concerned (Government of Venezuela and Camerfirma). Gerv ___ dev-security-policy