My understanding is that CAs are not to add CAs with an EKU extension that 
doesn't include anyEKU or serverAuth, but this list appears to include those?

Thanks,

Wayne

> -----Original Message-----
> From: dev-security-policy [mailto:dev-security-policy-
> [email protected]] On Behalf Of Richard
> Barnes
> Sent: Wednesday, April 27, 2016 5:16 PM
> To: [email protected]
> Cc: Zakir Durumeric <[email protected]>
> Subject: Undisclosed CA certificates
> 
> Dear CAs,
> 
> As you guys are working toward the June 30 deadline for disclosing
> intermediate certificates in SalesForce, I thought I would share some notes
> on the undisclosed certificates that we're seeing, so that you can make sure
> you get them all uploaded.
> 
> Zakir Durumeric from UMich/Censys.io has helpfully compiled a list of CA
> certificates that have been observed in Censys scans of the Internet, and
> noted which of those certificates are not in SalesForce so far.
> 
> I've posted the list here for your reference:
> https://gist.github.com/bifurcation/bf994d9fc3753f78472da8233da1fe52
> 
> Note that this list is static, so if you add a certificate to SalesForce, it
> won't instantly disappear from this list.  But we'll try to update it every so
> often as we approach June 30, and will notify this list when we do.
> 
> Cheers,
> --Richard
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy