On 28/04/16 01:15, Richard Barnes wrote:
Dear CAs,
As you guys are working toward the June 30 deadline for disclosing
intermediate certificates in SalesForce, I thought I would share some notes
on the undisclosed certificates that we're seeing, so that you can make
sure you get them all uploaded.
Zakir Durumeric from UMich/Censys.io has helpfully compiled a list of CA
certificates that have been observed in Censys scans of the Internet, and
noted which of those certificates are not in SalesForce so far.
Also, crt.sh now regularly downloads
https://wiki.mozilla.org/CA:SubordinateCAcerts and automatically links
the audit info to the relevant CA certificates.
(Example: https://crt.sh/?id=3706739)
I'm aiming to produce an (automatically updated) list of CA certificates
that are known to CT but are not (yet) in SalesForce.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
