On Tuesday, August 15, 2017 at 4:42:06 PM UTC-4, Eric Mill wrote:
> On Tue, Aug 15, 2017 at 2:47 PM, identrust--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > We have been moderately successful in replacing the five (5)
> > certificates. One (1) has been
On Tue, Aug 15, 2017 at 2:47 PM, identrust--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> We have been moderately successful in replacing the five (5)
> certificates. One (1) has been voluntarily replaced, we have a commitment
> from our client to initiate a
On Friday, August 11, 2017 at 6:05:29 PM UTC-4, paul.l...@gmail.com wrote:
> On Friday, August 11, 2017 at 3:43:17 PM UTC-5, iden...@gmail.com wrote:
> > IdenTrust is fully aware of the situation and has consulted with internal
> > and external parties to ensure that our course of action is
On Tuesday, August 15, 2017 at 1:51:36 AM UTC-4, Eric Mill wrote:
> On Fri, Aug 11, 2017 at 4:43 PM, identrust--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > On Thursday, August 10, 2017 at 11:51:54 PM UTC-4, Eric Mill wrote:
> > > On Thu, Aug 10, 2017 at 11:34
On 07/08/17 22:30, Jakob Bohm wrote:
> Since the CT made it possible, I have seen an increasing obsession with
> enforcing every little detail of the BRs, things that would not only
> have gone unnoticed, but also been considered unremarkable before CT.
I am firmly of the opinion that all BR and
On Fri, Aug 11, 2017 at 4:43 PM, identrust--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Thursday, August 10, 2017 at 11:51:54 PM UTC-4, Eric Mill wrote:
> > On Thu, Aug 10, 2017 at 11:34 AM, identrust--- via dev-security-policy <
> >
On Friday, August 11, 2017 at 3:43:17 PM UTC-5, iden...@gmail.com wrote:
> IdenTrust is fully aware of the situation and has consulted with internal and
> external parties to ensure that our course of action is appropriate and
> commensurate with our business practices and accommodates our
On Thursday, August 10, 2017 at 11:51:54 PM UTC-4, Eric Mill wrote:
> On Thu, Aug 10, 2017 at 11:34 AM, identrust--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> >
> > We acknowledge seeing this issue and are looking into it.
> > Details will be supplied as soon we
On Thu, Aug 10, 2017 at 11:34 AM, identrust--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> We acknowledge seeing this issue and are looking into it.
> Details will be supplied as soon we can but not later that today’s end of
> business day.
>
Thanks for looking
On Wednesday, August 9, 2017 at 11:59:42 PM UTC-4, Lee wrote:
> On 8/9/17, Eric Mill wrote:
> > On Wed, Aug 9, 2017 at 4:28 PM, Lee wrote:
> >
> >> On 8/9/17, Eric Mill via dev-security-policy
> >> wrote:
> >> > On Tue,
On Monday, August 7, 2017 at 3:47:39 PM UTC-5, Jonathan Rudenberg wrote:
> “IdenTrust ACES CA 2” has issued five certificates with an OCSP responder URL
> that has a HTTPS URI scheme. This is not valid, the OCSP responder URI is
> required to have the plaintext HTTP scheme according to Baseline
On 8/9/17, Eric Mill wrote:
> On Wed, Aug 9, 2017 at 4:28 PM, Lee wrote:
>
>> On 8/9/17, Eric Mill via dev-security-policy
>> wrote:
>> > On Tue, Aug 8, 2017 at 5:53 PM, identrust--- via dev-security-policy <
>> >
On Wed, Aug 9, 2017 at 4:28 PM, Lee wrote:
> On 8/9/17, Eric Mill via dev-security-policy
> wrote:
> > On Tue, Aug 8, 2017 at 5:53 PM, identrust--- via dev-security-policy <
> > dev-security-policy@lists.mozilla.org> wrote:
> >
> >> On
On 8/9/17, Eric Mill via dev-security-policy
wrote:
> On Tue, Aug 8, 2017 at 5:53 PM, identrust--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> On Tuesday, August 8, 2017 at 12:06:47 PM UTC-4, Jonathan Rudenberg wrote:
>> >
On Tue, Aug 8, 2017 at 5:53 PM, identrust--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Tuesday, August 8, 2017 at 12:06:47 PM UTC-4, Jonathan Rudenberg wrote:
> > > On Aug 8, 2017, at 10:29, identrust--- via dev-security-policy <
>
On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenberg wrote:
> “IdenTrust ACES CA 2” has issued five certificates with an OCSP responder URL
> that has a HTTPS URI scheme. This is not valid, the OCSP responder URI is
> required to have the plaintext HTTP scheme according to Baseline
On Tuesday, August 8, 2017 at 12:06:47 PM UTC-4, Jonathan Rudenberg wrote:
> > On Aug 8, 2017, at 10:29, identrust--- via dev-security-policy
> > wrote:
> >
> > On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenberg wrote:
> >> “IdenTrust ACES
On Tuesday, August 8, 2017 at 12:06:47 PM UTC-4, Jonathan Rudenberg wrote:
> > On Aug 8, 2017, at 10:29, identrust--- via dev-security-policy
> > wrote:
> >
> > On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenberg wrote:
> >> “IdenTrust ACES
On 08/08/2017 19:44, Ryan Sleevi wrote:
On Tuesday, August 8, 2017 at 8:52:54 PM UTC+9, Jakob Bohm wrote:
On 08/08/2017 12:54, Nick Lamb wrote:
On Monday, 7 August 2017 22:31:34 UTC+1, Jakob Bohm wrote:
Since the CT made it possible, I have seen an increasing obsession with
enforcing every
On Tuesday, August 8, 2017 at 8:52:54 PM UTC+9, Jakob Bohm wrote:
> On 08/08/2017 12:54, Nick Lamb wrote:
> > On Monday, 7 August 2017 22:31:34 UTC+1, Jakob Bohm wrote:
> >> Since the CT made it possible, I have seen an increasing obsession with
> >> enforcing every little detail of the BRs,
> On Aug 8, 2017, at 10:29, identrust--- via dev-security-policy
> wrote:
>
> On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenberg wrote:
>> “IdenTrust ACES CA 2” has issued five certificates with an OCSP responder
>> URL that has a HTTPS
Luckily we have tools like certlint, which can be run on certificates to
catch this stuff!
I'd feel very differently if CAs were starting these threads because they'd
caught issues with certlint, than the fact that independent researchers are
noticing.
Alex
On Tue, Aug 8, 2017 at 7:52 AM, Jakob
On 08/08/2017 12:54, Nick Lamb wrote:
On Monday, 7 August 2017 22:31:34 UTC+1, Jakob Bohm wrote:
Since the CT made it possible, I have seen an increasing obsession with
enforcing every little detail of the BRs, things that would not only
have gone unnoticed, but also been considered
On Monday, 7 August 2017 22:31:34 UTC+1, Jakob Bohm wrote:
> Since the CT made it possible, I have seen an increasing obsession with
> enforcing every little detail of the BRs, things that would not only
> have gone unnoticed, but also been considered unremarkable before CT.
Even if I had no
On Tuesday, August 8, 2017 at 6:31:34 AM UTC+9, Jakob Bohm wrote:
> On 07/08/2017 23:05, Vincent Lynch wrote:
> > Jakob,
> >
> > I don't see what is wrong with Jonathan reporting these issues. The authors
> > and ratifiers of the BRs made the choice to specify these small details.
> > While a
> Do we really want the CA community to be filled with bureaucratic
> enforcement of harsh punishments for every slight misstep? This is the
> important question that any organization (in this case this community)
> needs to ask itself whenever new surveillance abilities make it possible
> to
On 07/08/2017 23:05, Vincent Lynch wrote:
Jakob,
I don't see what is wrong with Jonathan reporting these issues. The authors
and ratifiers of the BRs made the choice to specify these small details.
While a minor encoding error is certainly not as alarming as say, issuing
an md5 signed
> On Aug 7, 2017, at 16:57, Jakob Bohm via dev-security-policy
> wrote:
>
> On 07/08/2017 22:47, Jonathan Rudenberg wrote:
>> “IdenTrust ACES CA 2” has issued five certificates with an OCSP responder
>> URL that has a HTTPS URI scheme. This is not valid,
Jakob,
I don't see what is wrong with Jonathan reporting these issues. The authors
and ratifiers of the BRs made the choice to specify these small details.
While a minor encoding error is certainly not as alarming as say, issuing
an md5 signed certificate, it is still an error and is worth
On 07/08/2017 22:47, Jonathan Rudenberg wrote:
“IdenTrust ACES CA 2” has issued five certificates with an OCSP responder URL
that has a HTTPS URI scheme. This is not valid, the OCSP responder URI is
required to have the plaintext HTTP scheme according to Baseline Requirements
section
> On Aug 7, 2017, at 16:47, Jonathan Rudenberg via dev-security-policy
> wrote:
>
> “IdenTrust ACES CA 2” has issued five certificates with an OCSP responder URL
> that has a HTTPS URI scheme. This is not valid, the OCSP responder URI is
> required to
31 matches
Mail list logo