On 03/03/16 04:52, [email protected] wrote:
On Wednesday, March 2, 2016 at 7:07:23 AM UTC-8, Rob Stradling wrote:
<snip>
I couldn't help but notice this SHA-1 precertificate issued by Symantec
a couple of days ago:
https://crt.sh/?id=13407116&opt=cablint
<snip>
Rob,
Sanjay, thanks for investigating.
This was a pre-certificate. Our systems do not allow issuance of SHA-1
certificates and no certificate was issued.
Were you aware that RFC6962 says that "misissuance of the Precertificate
is considered equal to misissuance of the final certificate"?
The pre-certificate was logged but then rejected. We are still investigating.
What do you mean by "...but then rejected"?
Serial number 64:a9:32:73:a4:19:d1:64:3f:6b:2d:a3:ca:97:f0:89 is not
currently listed on the CRL.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
