Re: Removal of 1024 bit roots - Thawte and GTE CyberTrust

[Hubert Kario]

----- Original Message -----
> From: "Kathleen Wilson" <kwil...@mozilla.com>
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Sent: Tuesday, September 2, 2014 10:43:56 PM
> Subject: Re: Removal of 1024 bit roots - Thawte and GTE CyberTrust
> 
> On 9/2/14, 10:53 AM, Hubert Kario wrote:
> > Removing the Thawte 1024 bit roots[1] causes following changes:
> >
> > Untrusted: +33 sites.
> > Incomplete chain: +153, -2 sites.
> > Complete chain: -184 sites.
> >
> > Sites that become untrusted:
> > aclens.com@199.242.144.30
> > brillenplatz.de@83.141.56.30
> > copagloja.com.br@54.225.100.66
> > cqccms.com.cn@124.207.135.23
> > datatilsynet.no@80.232.122.99
> > drewag.de@77.75.249.212
> > easy-forex.com@64.14.56.6
> > fachverlag-computerwissen.de@78.111.65.215
> > foreverwedstore.com@208.77.51.191
> > gold-super-markt.de@94.186.152.196
> > gold-to-go.com@94.186.152.196
> > golf.de@194.97.154.131
> > gumball3000.com@134.0.19.106
> > jokerit.com@89.250.52.17
> > loytec.com@88.198.4.4
> > madeindesign.de@194.213.124.118
> > meventi.com@78.47.246.235
> > motor-talk.de@94.198.62.121
> > nct.ie@193.120.166.32
> > ncts.ie@193.120.166.32
> > now.cn@119.146.222.146
> > pctonline.com@66.181.99.28
> > recyclingtoday.com@66.181.99.26
> > santander.be@212.78.166.49
> > showoffimports.nl@91.216.34.51
> > slotastic.com@54.204.19.24
> > tcd.ie@134.226.14.90
> > todaynic.com@119.146.222.146
> > whitireia.ac.nz@202.2.11.59
> > www.cqccms.com.cn@125.35.1.213
> > www.now.cn@119.146.222.153
> > www.todaynic.com@119.146.222.153
> > www.uri.edu@131.128.1.19
> >
> 
> 
> Looks like those SSL certs are 5 year certs that were issued in 2010, so
> those site administrators will be needing to update their certs within
> the next year.
> 
> The change is currently targeted for Firefox 35 (early January). That
> gives Thawte/Symantec time to contact these customers, and get their
> certs updated.

OK, I'll definitely will do another scan before that time.

> > Removal of the GTE root has bigger impact:
> >
> > complete -86
> > incomplete +17, -8
> > untrusted +77
> >
> > since the list is so large I won't be quoting it here.
> 
> Would you please attach the list to the bug?

done
-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: hka...@redhat.com
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy