On 12/10/13 01:03, Kathleen Wilson wrote:
On 10/10/13 4:03 PM, Kathleen Wilson wrote:
All,

I'm going to be making the following changes to
http://www.mozilla.org/projects/security/certs/included/

1) Add "SHA1 Fingerprint" column

2) Convert the three trust bit columns into one column like pending list
(http://www.mozilla.org/projects/security/certs/pending/)

3) In the "EV Enabled" column change each “Yes” to the corresponding EV
Policy OID


Please respond asap if you foresee any issues with these changes.

Also, note that there will be some transition time as I'm working
through these changes.

Kathleen

Done.

Please let me know if you notice any errors in the spreadsheet.

Thanks Kathleen. I've compared your updated spreadsheet to my records and found the following errors in your spreadsheet...

2 of the SHA-1 fingerprints are incorrect.  The correct values are:
GeoTrust Universal CA: E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79
GeoTrust Universal CA 2: 37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79

PSCProCert: The OU "Superintendencia de Servicios de Certificacion Electronica" should be "Proveedor de Certificados PROCERT". ("Superintendencia..." is the OU of the SUSCERTE Root Certificate, but according to Bug #810010 "it was determined that SUSCERTE’s sub-CAs should apply for inclusion themselves as separate trust anchors").

The Izenpe Root has 2 EV OIDs, but this one is missing:
1.3.6.1.4.1.14777.6.1.2

The "ValiCert Class 2 Policy Validation Authority" Root has 2 EV OIDs, but this one is missing:
2.16.840.1.114414.1.7.23.3

The KEYNECTIS "Class 2 Primary CA" Trust Bits are listed as "Website Emai" (missing "l").

The "From" dates for these 3 Roots are 1 day out:
  VeriSign Class 1 Public PCA – G2
  VeriSign Class 4 Public PCA - G3
  VeriSign Universal Root Certification Authority

The "To" dates for these 2 Roots are 1 day out:
  GeoTrust Universal CA
  GeoTrust Universal CA 2

The CN "S-TRUST Authentication and Encryption Root CA 2005:PNS" shouldn't have that "S" at the end.

The O "Agencia Catalana de Certificacio" is truncated. It should be "Agencia Catalana de Certificacio (NIF Q-0801176-I)".

"VeriSign, Inc." - the double-quotes around this, and around the associated OU fields, are unnecessary. (Or, if you want to keep the double-quotes, there's one missing for the cert with fingerprint beginning CE:6A:64:A3...).

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy