This should be resolved for the Amazon Trust Services ICAs now. On Tuesday, May 12, 2026 at 9:41:53 AM UTC-7 Trevoli Ponds-White wrote:
> Hi Anupama, we think this might be an issue on our side when we imported > the pem file. Not a CCADB issue. Our team is looking into this now. > > Thanks, > Trevoli Ponds-White > Amazon Trust Services > > On Monday, May 11, 2026 at 11:22:52 AM UTC-7 Anupama M wrote: > >> Hi Mozilla Team, >> >> Reporting a regression in the PEM column of >> MozillaIntermediateCertsCSVReport (snapshot 2026-05-07) downloaded from >> https://ccadb.my.salesforce-sites.com/mozilla/MozillaIntermediateCertsCSVReport >> . >> >> 18 rows have a blank line directly after the pre-encapsulation boundary — >> the byte sequence is -----BEGIN CERTIFICATE-----\n\nMII… instead of >> -----BEGIN >> CERTIFICATE-----\nMII…. This violates RFC 7468 §3 ("There is no blank >> line between the pre-encapsulation boundary and the encapsulated text") and >> is rejected outright by strict PEM parsers. The same bug also appears to >> throw the wrap counter for the rest of the body in those 18 rows, producing >> pathological 64/1/62/2/… line widths. >> >> The underlying certificate data is fine — every PEM still decodes to a >> cert whose SHA-256 matches the row's SHA256 column — so this is purely a >> CSV-generator regression. >> >> Affected rows are all Amazon S-series intermediates: >> >> - Amazon ECDSA 256 S06–S09 (4 certs, issued by Amazon Root CA 4) >> - Amazon ECDSA 384 S06–S13 (8 certs, issued by Amazon Root CA 4) >> - Amazon RSA 2048 S06–S11 (6 certs, issued by Amazon Root CA 1) >> >> Happy to share the full list of 18 SHA-256s or the analysis script if >> useful. >> >> Thanks, >> >> Anupama M >> > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/9708c814-1d56-488b-a9f6-e539629d34ecn%40mozilla.org.
