On 04/05/16 11:35, Ben Laurie wrote:
On 28 April 2016 at 12:31, Rob Stradling <[email protected]> wrote:
On 28/04/16 01:15, Richard Barnes wrote:
Dear CAs,
As you guys are working toward the June 30 deadline for disclosing
intermediate certificates in SalesForce, I thought I would share some
notes
on the undisclosed certificates that we're seeing, so that you can make
sure you get them all uploaded.
Zakir Durumeric from UMich/Censys.io has helpfully compiled a list of CA
certificates that have been observed in Censys scans of the Internet, and
noted which of those certificates are not in SalesForce so far.
Also, crt.sh now regularly downloads
https://wiki.mozilla.org/CA:SubordinateCAcerts and automatically links the
audit info to the relevant CA certificates.
(Example: https://crt.sh/?id=3706739)
I'm aiming to produce an (automatically updated) list of CA certificates
that are known to CT but are not (yet) in SalesForce.
As promised, here it is...
https://crt.sh/mozilla-disclosures
Updates made in SalesForce should be reflected on this page within 10
minutes or so.
FWIW, we've recently changed how we preload chains, and as a result
more intermediates should be logged in Google's logs, at least.
Excellent. :-)
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
