> On Dec 6, 2018, at 5:56 PM, Jakob Bohm via openssl-users
> wrote:
>
>> While the point of EV was that it certified a binding to a (domain +
>> business name)
>> rather than just a domain with DV, it turned out that displaying the
>> business name
>> was also subject to abuse, and the
On 06/12/2018 21:16, Viktor Dukhovni wrote:
On Dec 6, 2018, at 3:06 PM, Blumenthal, Uri - 0553 - MITLL
wrote:
So, a CA that's supposed to validate its customer before issuing a certificate, may do a
"more sloppy job" if he doesn't cough up some extra money.
I think Peter is exactly right
> On Dec 6, 2018, at 3:06 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
> So, a CA that's supposed to validate its customer before issuing a
> certificate, may do a "more sloppy job" if he doesn't cough up some extra
> money.
>
> I think Peter is exactly right here. CA either do their job,
>> Quoting from Peter Gutmann's "Engineering Security",
>> section "EV Certificates: PKI-me-Harder"
>>
>> Indeed, cynics would say that this was exactly the problem that
>> certificates and CAs were supposed to solve in the first place, and
>> that
On 06/12/2018 11:48, Michael Ströder wrote:
On 12/6/18 10:03 AM, Jakob Bohm via openssl-users wrote:
On 05/12/2018 17:59, Viktor Dukhovni wrote:
IIRC Apple's Safari is ending support for EV, and some say that EV
has failed, and are not sorry to see it go.
This is very bad for security. So
On 12/6/18 10:03 AM, Jakob Bohm via openssl-users wrote:
> On 05/12/2018 17:59, Viktor Dukhovni wrote:
>> IIRC Apple's Safari is ending support for EV, and some say that EV
>> has failed, and are not sorry to see it go.
>
> This is very bad for security. So far the only real failures have
> been:
Does OpenSSL have a policy stance on government enforced back doors ?
--
Regards,
Mark A. Lane
Cryptopocalypse NOW 01 04 2016
Volumes 0.0 -> 10.0 Now available through iTunes - iBooks @
https://itunes.apple.com/au/author/mark-a.-lane/id1100062966?mt=11
© Mark A. Lane 1980 - 2018, All
On 05/12/2018 00:50, Viktor Dukhovni wrote:
On Tue, Dec 04, 2018 at 04:15:11PM +0100, Jakob Bohm via openssl-users wrote:
Care to create a PR against the "master" branch? Something
along the lines of:
"Provided chain ends with untrusted self-signed certificate"
or better. Here
On 05/12/2018 17:59, Viktor Dukhovni wrote:
On Dec 5, 2018, at 4:49 AM, Jan Just Keijser wrote:
The only reason to use OCSP I currently have is in Firefox: if you turn off
"Query OCSP responder servers" in Firefox then EV certificates will no longer
show up with their owner/domain name.
IIRC