|
Subjunctive posted:I can guarantee that your coworker Wayne is not our Wiggly Wonder. Sounds like something someone would say to throw off suspicion
|
# ? Apr 30, 2024 23:05 |
|
|
# ? Jun 2, 2024 08:24 |
|
Volmarias posted:Sounds like something someone would say to throw off suspicion Is that you Wiggly Wayne? Is this me?
|
# ? Apr 30, 2024 23:10 |
|
spankmeister posted:Is that you Wiggly Wayne? Is this me? ... Is it?
|
# ? Apr 30, 2024 23:11 |
|
anyway there is a discussion brewing, too much to quote https://bugzilla.mozilla.org/show_bug.cgi?id=1890898#c19
|
# ? Apr 30, 2024 23:12 |
|
Volmarias posted:... Is it? I'm trying to do a bit here
|
# ? Apr 30, 2024 23:13 |
|
Wiggly Wayne DDS posted:anyway there is a discussion brewing, too much to quote https://bugzilla.mozilla.org/show_bug.cgi?id=1890898#c19 Ben Wilson posted:We greatly value everyone’s input because it enables us to engage in informed decision-making. We are considering whether these certificates should be revoked. Are there additional insights and opinions regarding that question? It appears that the certificates complied with industry standards and that the replacement certificates would be nearly identical, except for serial numbers and validity periods. In stating your position, please consider and explain both the potential benefits and drawbacks to the Mozilla root program and the security of the internet. Thanks. Amir posted:Comment from https://bugzilla.mozilla.org/show_bug.cgi?id=1890896#c18 applies. Paul Buonopane posted:Were this an isolated incident, I wouldn't have a strong opinion. However, Entrust appears to have a history of pushing the limits when it comes to revocation. Wayne posted:
... Is it happening?
|
# ? Apr 30, 2024 23:31 |
|
Volmarias posted:... Is it happening?
|
# ? Apr 30, 2024 23:39 |
|
do not sleep on this bangerAmir posted:Comment from https://bugzilla.mozilla.org/show_bug.cgi?id=1890896#c18 applies.
|
# ? Apr 30, 2024 23:51 |
|
is this the long promised happening it looks like there’s now Apple, Google, and Mozilla root program managers all with eyes on this mess
|
# ? Apr 30, 2024 23:56 |
|
lament.cfg posted:do not sleep on this banger number 5 is pretty spicy 🌶️
|
# ? Apr 30, 2024 23:56 |
|
Raymond T. Racing posted:is this the long promised happening nothing is happenable until the root program managers look, soooo
|
# ? May 1, 2024 00:06 |
|
Captain Foo posted:nothing is happenable until the root program managers look, soooo well all the root program managers are looking
|
# ? May 1, 2024 00:07 |
|
Raymond T. Racing posted:well all the root program managers are looking exactly!
|
# ? May 1, 2024 00:09 |
|
Them looking doesn't imply happening will happen, only that happening may or may not happen to happen.
|
# ? May 1, 2024 00:12 |
|
if it happens, will the happening be a happenstance or pure happenchance,
|
# ? May 1, 2024 00:14 |
|
Volmarias posted:Them looking doesn't imply happening will happen, only that happening may or may not happen to happen. No, but them looking is a prerequisite for distrust to be happenable
|
# ? May 1, 2024 00:17 |
|
who was the last root to lose trust like this? it feels like it has been a few years
|
# ? May 1, 2024 00:39 |
|
5. What are the other Mozilla Root Program rules that don't matter? got an audible lmao from me
|
# ? May 1, 2024 00:51 |
|
Lain Iwakura posted:who was the last root to lose trust like this? it feels like it has been a few years TrustCor because Rachel McPherson couldn't keep her foot out of her mouth and imploded a CA by being combative in all her responses to CA/B concerns about TrustCor https://security.googleblog.com/2023/01/sustaining-digital-certificate-security_13.html https://support.apple.com/en-us/102798 https://www.sectigo.com/resource-library/root-causes-260-ca-trustcor-deprecated
|
# ? May 1, 2024 00:54 |
|
Raymond T. Racing posted:is this the long promised happening did Apple show up?
|
# ? May 1, 2024 01:05 |
|
Subjunctive posted:did Apple show up? Clint Wilson looks like he’s Apple.
|
# ? May 1, 2024 01:17 |
|
Raymond T. Racing posted:Clint Wilson looks like he’s Apple. oh I missed him commenting, nice I wonder if he and Google Ryan would join a d-s-p thread
|
# ? May 1, 2024 01:20 |
|
SeaborneClink posted:TrustCor because Rachel McPherson couldn't keep her foot out of her mouth and imploded a CA by being combative in all her responses to CA/B lol those posts from rachel are a doozy
|
# ? May 1, 2024 01:25 |
|
she’s kinda right about CNNIC
|
# ? May 1, 2024 01:27 |
|
Wiggly Wayne DDS posted:anyway there is a discussion brewing, too much to quote https://bugzilla.mozilla.org/show_bug.cgi?id=1890898#c19 i'm
1. This probably ends in Entrust being distrusted.
|
# ? May 1, 2024 03:14 |
|
salivary glands sensing bloodCaptain Foo posted:lol if you think there’s anyone at my company that would understand this except me
|
# ? May 1, 2024 03:31 |
|
lol i had completely forgotten about trustcor, i thought that was years ago but apparently it was like last year? https://cabforum.org/about/membership/members/ why are they still in the CA/Browser Forum if they aren't in any root stores any more? was it cheaper to pay up front for a 5 year subscription to the CA/BF lol why are they still posting online about how mad they are over a year later ahaha https://trustcor.com/news/01262024.php it's a huge wall of text and i regret clicking Read More but quote:Many of you are already aware that certificate issuance by TrustCor ceased in 2022, but in keeping true to our word, we stuck around to help with the transition and remained fully-supported with customer service, certificate status services, world-wide trust and proper technical behaviour for certificates issued before November 1, 2022 through the extent of their certificate life-cycle. lmao wanting credit for providing customer service for "the extent of the certificate life-cycle". yep, that sure is a 398 day certificate we issued to you in exchange for your money. yep, it's not expired. nope it doesn't work in any browsers lol
|
# ? May 1, 2024 03:37 |
|
updating the blog but not any of the support FAQs i seehttps://www.trustcorsystems.com/faq posted:How long are TrustCor certificates valid?
|
# ? May 1, 2024 03:41 |
|
shackleford posted:updating the blog but not any of the support FAQs i see Please file an incident for CPS+CCADB not being updated
|
# ? May 1, 2024 04:13 |
|
redleader posted:5. What are the other Mozilla Root Program rules that don't matter? got an audible lmao from me This is the kind of statement that would get me a managerial Talking To were I to say it.
|
# ? May 1, 2024 06:21 |
|
so entrust's pr team added themselves to the cc list on the snowballing issue involving ben. i gather they didn't realise that's all public.. anyway only through the pr team inviting themselves did i notice they have a cybersecurity podcast with an episode as recent as 7 days ago. the cert expired april 28th
|
# ? May 1, 2024 18:30 |
|
lol and lmao even
|
# ? May 1, 2024 18:35 |
|
“should we revoke the certificates?” “no let’s call PR instead”
|
# ? May 1, 2024 18:35 |
|
prevent revocation
|
# ? May 1, 2024 19:00 |
|
Zamujasa posted:prevent revocation Public Ridicule
|
# ? May 1, 2024 19:20 |
|
Raymond T. Racing posted:lol and lmao even lomarf, also
|
# ? May 1, 2024 19:50 |
|
Probably Revocable
|
# ? May 1, 2024 19:50 |
|
This is leagues outside my area of competence (which isn't that big to begin with). Am I right in reading that Entrust's response to all verified reported breaches of the certificate rules is "Nah, we don't want to"?
|
# ? May 1, 2024 19:51 |
|
Arsenic Lupin posted:This is leagues outside my area of competence (which isn't that big to begin with). Am I right in reading that Entrust's response to all verified reported breaches of the certificate rules is "Nah, we don't want to"? more or less edit: they're citing a single paragraph of Mozilla's root program rules that don't really apply, and using that to justify their refusal to revoke. that paragraph also has no impact on other root programs allowance of not revoking
|
# ? May 1, 2024 19:52 |
|
|
# ? Jun 2, 2024 08:24 |
|
they are also being real dickish about their "leadership" and how they're completely familiar with the rules and requirements (which is why they should be allowed to break them) and then immediately being shown to have a completely superficial understanding like the "maybe we will consider establishing a process to review our contact details in the database once a year" thing where another CA piped up with "actually here is the chain of rules that result in requiring your contact details to be kept up to date within 14 days"
|
# ? May 1, 2024 20:35 |