Twitter | Pretraživanje | |
Rob Stradling
489
Tweetovi
73
Pratim
356
Osobe koje vas prate
Tweetovi
Rob Stradling 29. sij
Odgovor korisniku/ci @LunixA380 @jameshartig @SectigoHQ
Cache/latency wasn't the problem in this particular case. already acknowledged that the CAA record was not added until after we'd performed the CAA checks. Since the certificate request was then abandoned, we didn't retry the CAA checks after the record was added.
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 28. sij
Odgovor korisniku/ci @jameshartig @SectigoHQ
I can't tell if the Support agent misunderstood you, or if they misunderstood this detail of the CAA algorithm. I can tell you (as co-author of the CAA RFC and author of Sectigo's CAA checker code) that our CAA checker would not be affected by any such misunderstandings.
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 28. sij
Odgovor korisniku/ci @Cryptoki
lol
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 28. sij
Odgovor korisniku/ci @jameshartig @SectigoHQ
We'll reply fully via cabfquest, since you've also enquired there. Quick summary: We are following CAA resolution correctly. When we performed a CAA check for at 2020-01-27 16:05:31 UTC, the response was an empty CAA RRset.
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 27. sij
Odgovor korisniku/ci @Cryptoki
I suspect that there are many more than two CAs compliant with SC17. (Hint: Not issuing PSD2 certs is one way to comply. :-) )
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 20. sij
Odgovor korisniku/ci @rmhrisk
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 20. sij
Odgovor korisniku/ci @rmhrisk
IINM, including the tag/length in {{subjectKeyId}} doesn't work with Censys either.
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 20. sij
Odgovor korisniku/ci @rmhrisk
It seems odd that {{subjectKeyId}} includes the tag/length but {{authKeyId}} omits the tag/length.
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 20. sij
Odgovor korisniku/ci @rmhrisk
Thanks. now uses SubjectKeyIdSiblingsLink for ?pv= searches, but the links don't actually work due to the 2-byte ("04nn") OCTET STRING tag/length being present in {{subjectKeyId}}.
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 18. sij
Odgovor korisniku/ci @rmhrisk
I've added IssuerDNLink, AuthKeyIdParentLink and SubjectKeyIdParentLink to 's ?pv= pages. I think I actually need a "SubjectKeyIdSiblingsLink" though. Also, does {{subjectKeyId}} have to include the 2-byte ("04nn") OCTET STRING tag/length?
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 12. sij
Odgovor korisniku/ci @rmhrisk @bitcynth
It was a welcome half hour distraction for a Friday afternoon :-)
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 10. sij
Odgovor korisniku/ci @rmhrisk
Yeah, why not... :-)
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 8. sij
Odgovor korisniku/ci @lukegb
Thanks! Fixed. (Sorry about that...I had been frantically tweaking some pain points that only became apparent when the new site started receiving significant traffic).
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 8. sij
Odgovor korisniku/ci @lukegb
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 8. sij
Odgovor korisniku/ci @mattiasgeniar
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 8. sij
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 3. sij
Odgovor korisniku/ci @TychoTithonus @JoeBeOne
The new system is nearly fully ready. I expect we'll switch the A/AAAA records to point to it early-ish next week.
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 28. pro
Odgovor korisniku/ci @Cryptoki
Thanks! And to you!
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 9. pro
Making progress.
Reply Retweet Označi sa "sviđa mi se"
Rob Stradling 3. pro
Odgovor korisniku/ci @LunixA380 @InfoSec_Paul_M @SectigoHQ
PostgreSQL doesn't have a uint32 datatype. The new database setup is nearly finished.
Reply Retweet Označi sa "sviđa mi se"