From: Kathleen Wilson Sent: Tuesday, October 29, 2013 1:38 PM Subject: Re: Mozilla not compliant with RFC 5280
From: Eddy Nigg
From: Matthias Hunstock Sent: Friday, November 1, 2013 10:46 AM Subject: Re: Mozilla not compliant with RFC 5280
Subject: Re: Netcraft blog, violations of CABF Baseline Requirements, any consequences?
From: Eddy Nigg Sent: Friday, November 1, 2013 6:04 PM Subject: Re: Netcraft blog, violations of CABF Baseline Requirements, any consequences?
From: Brian Smith Sent: Friday, November 1, 2013 7:12 PM To: fhw...@gmail.com Cc: Eddy Nigg; mozilla-dev-s...@lists.mozilla.org Subject: Re: Netcraft blog, violations of CABF Baseline Requirements, any consequences?
From: fhw...@gmail.com Sent: Friday, November 1, 2013 5:50 PM To: Matthias Hunstock; mozilla-dev-s...@lists.mozilla.org Subject: Re: Mozilla not compliant with RFC 5280
From: Phillip Hallam-Baker Sent: Friday, November 8, 2013 11:51 AM To: Jeremy Rowley Subject: Re: Mozilla not compliant with RFC 5280
I imagine every CA would agree with you. OCSP stapling is a great idea, but the number of servers deploying it is very low. I don’t believe any CAs support the idea of getting rid of revocation checking.
From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digice...@lists.mozilla.org] On Behalf Of fhw...@gmail.com
Sent: Friday, November 08, 2013 6:42 AM
To: mozilla-dev-s...@lists.mozilla.org
Subject: Re: Mozilla not compliant with RFC 5280
I was hoping to see more responses on this issue. Does that mean people agree it's a problem but aren't sure what to do about it? Is it a small problem because Firefox already does OCSP and all the CAs do too? Or...?
Thanks.
From: fhw...@gmail.com
Sent: Friday, November 1, 2013 5:50 PM
To: Matthias Hunstock; mozilla-dev-s...@lists.mozilla.org
Subject: Re: Mozilla not compliant with RFC 5280
I think that is correct, Matthias.
What's more is that anyone who issues an end-entity cert will be unable to stop FF from using that cert in the future--without OCSP setup--until the expiration date. (I'll need someone to correct me on that.)
I gotta believe there are people out there who issue(d) CRLs thinking that they are now protected when in reality they are not.
From: Matthias Hunstock
Sent: Friday, November 1, 2013 10:46 AM
To: mozilla-dev-s...@lists.mozilla.org
Subject: Re: Mozilla not compliant with RFC 5280
On 29.10.2013 19:37, Kathleen Wilson wrote:
> The goal is for the revocation-push mechanism to be used instead of
> traditional CRL checking, for reasons described in the wiki page and the
> research paper.
Everyone with a "self-made" CA will be completely cut off from
revocation checking, except there is an OCSP responder?
Matthias
_______________________________________________
dev-security-policy mailing list
dev-secur...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
From: Eddy Nigg Sent: Monday, November 11, 2013 2:39 PM Subject: Re: Mozilla not compliant with RFC 5280
From: Kathleen Wilson Sent: Wednesday, November 13, 2013 1:31 PM Subject: Re: Mozilla not compliant with RFC 5280
From: fhw...@gmail.com Sent: Friday, December 6, 2013 8:27 AM To: Kathleen Wilson; mozilla-dev-s...@lists.mozilla.org Subject: Firefox users vulnerable to cert theft (was: Mozilla not compliant with RFC 5280)