On Tue, Oct 04, 2016 at 01:14:45PM -0700, Percy wrote:
> On Tuesday, October 4, 2016 at 4:41:18 AM UTC-7, Rob Stradling wrote:
> > Today we have revoked (via CRL and OCSP) all 3 of the cross-certificates
> > that we'd issued to WoSign:
>
> Does this mean all end entity certs chained to them are bl
On Tuesday, October 4, 2016 at 4:41:18 AM UTC-7, Rob Stradling wrote:
> Today we have revoked (via CRL and OCSP) all 3 of the cross-certificates
> that we'd issued to WoSign:
>
> https://crt.sh/?id=3223853
> https://crt.sh/?id=12716343
> https://crt.sh/?id=12716433
>
> See also:
> https://bugzill
On Tue, Oct 4, 2016 at 6:29 AM, Rob Stradling wrote:
> On 04/10/16 13:18, Nick Lamb wrote:
>> On Tuesday, 4 October 2016 11:14:01 UTC+1, Rob Stradling wrote:
>>> Neither. I'd like to run cablint over all certs pre-issuance, but
>>> unfortunately it's not practical to do this yet because 1) cabli
On 29/09/16 16:40, Gervase Markham wrote:
> Following the publication of the recent investigative report,
> representatives of Qihoo 360 and StartCom have requested a face-to-face
> meeting with Mozilla. We have accepted, and that meeting will take place
> next Tuesday in London.
This meeting happ
On 04/10/16 14:19, Nick Lamb wrote:
> That's why I proposed Mozilla might like to write this to CA/B or in
> a group CA communication, because I would be astonished if WoSign and
> Comodo are the only CAs to have such special "rules" that defeat the
> purpose of the validation step, or if this is t
Kyle,
You can claim and be honoured to get me out of my relative quietness. As the
vast majority, I am relatively happy to read message in a forum while searching
a solution to a problem. Your message raises multiple points that have to be
address.
I consider myself as a certificate newbie an
On 04/10/16 13:18, Nick Lamb wrote:
> On Tuesday, 4 October 2016 11:14:01 UTC+1, Rob Stradling wrote:
>> Neither. I'd like to run cablint over all certs pre-issuance, but
>> unfortunately it's not practical to do this yet because 1) cablint is
>> too slow and 2) there are some differences of opin
On Tuesday, 4 October 2016 12:21:47 UTC+1, Rob Stradling wrote:
> When we are required (by CABForum and/or root program requirements) to
> do , we will of course undertake to do .
>
> There are lots of s that we are already required to do. We
> haven't tended to issue a separate announcement for
Hi,
There seem to be more certificates of that kind that weren't mentioned
in the incident report. Here's a .re / www.re certificate (expired
2015):
https://crt.sh/?id=4467456
Has comodo checked its systems for other certificates of that kind? Can
you provide a full list of all such certificates?
On Tuesday, 4 October 2016 11:14:01 UTC+1, Rob Stradling wrote:
> Neither. I'd like to run cablint over all certs pre-issuance, but
> unfortunately it's not practical to do this yet because 1) cablint is
> too slow and 2) there are some differences of opinion that have been
> discussed at CABForu
Today we have revoked (via CRL and OCSP) all 3 of the cross-certificates
that we'd issued to WoSign:
https://crt.sh/?id=3223853
https://crt.sh/?id=12716343
https://crt.sh/?id=12716433
See also:
https://bugzilla.mozilla.org/show_bug.cgi?id=906611#c2
On 06/09/16 11:11, Rob Stradling wrote:
> Hi Pe
On 03/10/16 02:23, Nick Lamb wrote:
> Comodo's document never actually says that they're abolishing this "rule" as
> a result of Ballot 169. It lets you choose to draw that implication, by
> specifying that their current practices pre-date Ballot 169's changes, but it
> never says as much.
Nic
On Mon, Oct 3, 2016 at 9:44 PM, Peter Bowen wrote:
> On Mon, Oct 3, 2016 at 5:24 PM, Jakob Bohm wrote:
> > On 03/10/2016 20:41, Kyle Hamilton wrote:
> >> WoSign is known to be cross-signed by several independent CAs (as well
> as
> >
> >> 2. There is only One Certificate Path that can be proven
On 02/10/16 17:49, Nick Lamb wrote:
> On Sunday, 2 October 2016 11:11:34 UTC+1, Patrick Figel wrote:
>> https://www.mail-archive.com/[email protected]/msg04274.html
>
> Thanks, I too could not find this in Google Groups. That is a little
> concerning as I had assumed this was
On 04/10/16 11:51, Kurt Roeckx wrote:
> On Tue, Oct 04, 2016 at 11:13:21AM +0100, Rob Stradling wrote:
>> On 04/10/16 07:10, Gervase Markham wrote:
>>> Does Comodo run cablint over all certificates post-issuance (or
>>> pre-issuance)?
>>
>> Neither. I'd like to run cablint over all certs pre-iss
On Tue, Oct 04, 2016 at 11:13:21AM +0100, Rob Stradling wrote:
> On 04/10/16 07:10, Gervase Markham wrote:
>
> >> [4] https://crt.sh/?cablint=1+week
> >
> > This URL is a 404.
>
> Sorry, crt.sh is a bit under the weather right now. Someone submitted a
> batch of several million certs to the Goo
On 04/10/16 07:10, Gervase Markham wrote:
>> [4] https://crt.sh/?cablint=1+week
>
> This URL is a 404.
Sorry, crt.sh is a bit under the weather right now. Someone submitted a
batch of several million certs to the Google CT logs, and this has
rather overwhelmed the replication between crt.sh's m
Dear Erwann,
My answers inline marked with ***
Le jeudi 29 septembre 2016 11:45:39 UTC+2, Varga Viktor a écrit :
> Dear Peter,
>
> I am deeply in ETSI process, so I can give info some info:
>
> Formerly the ETSIs are based on
>
> *102042 for CAs
> *101456 for CAs issuing qualif
18 matches
Mail list logo
