On 13/10/16 14:16, Dean Coclin wrote:
> [First Data] Yes. We send them directly to integrators. They are
> not published on a website. At the point a device vendor certifies
> to our network we currently specify one Root which is the VeriSign
> G5. With the emergence of 2048-bit certs, we
Although these minutes were approved, some issues were noted after approval.
Those corrections are included in this approved version.
Final Minutes September 15, 2016 (v2, revised 9/29/2016)
Attendees: Alex Wight (Cisco), Arno Fiedler (D-Trust), Atsushi Inaba
(Globalsign), Ben Wilson
On 29/09/16 19:52, Dean Coclin wrote:
> In accordance with the SHA-1 Exception Request procedure, we hereby submit
> the attached request on behalf of our client.
After consideration, Mozilla grants an exception for the issuance of
SHA-1 certificates, with the condition that they expire not
Draft Minutes September 29, 2016
Attendees: Andrew Whalley (Google), Anuj Saxena (Network Solutions), Arno
Fiedler (D-Trust), Atsushi Inaba (Globalsign), Ben Wilson (Digicert), Billy
VanCannon (Trustwave), Bruce Morton (Entrust), Connie Enke (SwissSign), Curt
Spann (Apple), Dean Coclin
Thank you for the prompt response to First Data's application. While we
appreciate the approval and await responses from other browsers, I'd like to
point out that this deadline doesn't really help First Data and the merchants
As discussed during the TSYS exception in July, the
Additional commentary from First Data about the December cutoff date:
• Dec. 31st falls on the first weekend after Christmas this year which is
the peak time for gift returns and exchanges.
• Gift card redemptions are also at their peak this weekend
• New Year’s Day is a
Kirk, in my years with VeriSign and Symantec, I also can’t recall a domain
owner asking for more info about a cert that we had issued, but
a) The request probably would not have come to or through me
b) It’s a lot more likely to happen today because of CT
The first example you
Fair enough – we can all file away Peter’s list for future use. But in my
mind, the second example is equivalent to a Certificate Problem Report that is
requesting revocation, and I think each CA can develop its own methods for how
to handle that – I don’t think we need mandatory provisions in
> Or do you have some requirements, e.g. PCI compliance?
> [First Data] Yes there are PCI requirements that must be met. As pointed out
> by Peter Bowen, those requirements have not yet prohibited SHA-1
I think that's a miscategorization of what Peter said. He was simply
More responses below:
On 12/10/16 16:50, Dean Coclin wrote:
> [First Data] Yes. First Data requires POS vendors to certify to our
> APIs which detail the signature algorithms that are supported and
> also detail which ROOT CAs must be used.
Is this documentation available? Which root CA(s)