On Thursday, January 7, 2016 at 7:08:10 AM UTC+8, Paul Wouters wrote:
> As was in the news before, Kazakhstan has issued a national MITM
> Certificate Agency.
>
> Is there a policy on what to do with these? While they are not trusted,
> would it be useful to explicitly blacklist these, as to make it
> impossible to trus
On Monday, May 27, 2019 at 10:05:25 AM UTC+8, Matt Palmer wrote:
> On Sun, May 26, 2019 at 06:57:08PM -0700, Han Yuwei via dev-security-policy
> wrote:
> > If malloc() is correctly implemented, private keys are secure from
> > Heartbleed. So
> > I think it doesn't meet the criteri
If malloc() is correctly implemented, private keys are secure from Heartbleed.
So I think it doesn't meet the criteria. CAs can't revoke a certificate without
notifying the subscriber in advance.
But if any bugs are found in future which can retrieve private keys from TLS
endpoints,
you can just use au
This raised a question:
How can a CA prove whether they have done CAA checks at the time of issue?
On Friday, May 10, 2019 at 10:05:36 AM UTC+8, Jeremy Rowley wrote:
> FYI, we posted this today:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1550645
>
> Basically we discovered an issue with our CAA
Thanks for that. So now I should send another email to [email protected] or
just wait for revocation? And who should I contact if this address doesn't work?
On Friday, May 10, 2019 at 8:26:09 AM UTC+8, Jeremy Rowley wrote:
> No argument from me there. We generally act on them no matter what.
> Typically any email
Hi m.d.s.p
I reported a key compromise incident to DigiCert by contacting
support(at)digicert.com on Apr. 13, 2019 and got a reply the same day. But it
seems like this certificate is still valid.
This certificate is a code signing certificate and is known for signing malware.
So I am here to rep
On Thursday, November 23, 2017 at 8:24:19 PM UTC+8, Nick Lamb wrote:
> On Thu, 23 Nov 2017 00:50:04 +0100
> Quirin Scheitle via dev-security-policy
> wrote:
>
> > 2) Cloudflare FreeSSL certificates issued by Comodo
> > Batch: https://misissued.com/batch/30/
> > Description: We are not aware that Cloudflare and C
On Wednesday, November 22, 2017 at 5:06:26 PM UTC+8, Gervase Markham wrote:
> We understand that WoTrus (WoSign changed their name some months ago)
> are working towards a re-application to join the Mozilla Root Program.
> Richard Wang recently asked us to approve a particular auditor as being
> suitable to audit their ope
On Tuesday, August 1, 2017 at 8:47:57 PM UTC+8, Nick Lamb wrote:
> On Tuesday, 1 August 2017 08:39:28 UTC+1, Han Yuwei wrote:
> > 1. The CN of the two certificates is the same. So it is not necessary to issue two
> > certificates in just 2 minutes.
>
> I think the most likely explanation is the di
https://crt.sh/?id=7040227
https://crt.sh/?id=30328289
I am confused for these reasons.
1. The CN of the two certificates is the same. So it is not necessary to issue two
certificates in just 2 minutes.
2. The second one used SHA1, though it is consistent with the BR, but the first one used
SHA256.
3. first one has 3