On 04/13/16 20:32, Kathleen Wilson wrote:
All,
I have added links to reports of the responses to the March 2016 CA
Communication survey:
https://wiki.mozilla.org/CA:Communications#March_2016_Responses
For the responses to Question 1a:
DocuSign (OpenTrust/Keynectis) indicated 2015 Dec 31 but the following
certificate has a notBefore of 10 Feb 2016 and, according to its CRL,
was revoked 11 Feb 2016:
- https://crt.sh/?id=16157906&opt=cablint
Government of France indicated by 2015 Dec 31 but the following
certificate has notBefores of 11 Jan 2016 and 18 April 2016:
- https://crt.sh/?id=12129393&opt=cablint
- https://crt.sh/?id=18777122&opt=cablint
SECOM indicated 2015 Dec 31 but the following certificate as a notBefore
of 7 Jan 2016:
- https://crt.sh/?id=12090324&opt=cablint
T-Systems International GmbH (Deutsche Telekom) indicated 2016 Jan 15
with "revoked: 02/02/2016" in the comment, but the following certificate
has a notBefore of 9 March 2016:
- https://crt.sh/?id=15019496&opt=cablint
For the responses to Question 4:
Government of France indicated "None of the above", but the following
certificates include the id-kp-serverAuth EKU but no dNSName or
iPAddress SAN:
- https://crt.sh/?id=12129393&opt=cablint
- https://crt.sh/?id=18777122&opt=cablint
Government of Hong Kong (SAR) indicated "None of the above", but these
certificates (which chain to Hongkong Post Root CA 1) are lacking SAN
entries and appear to be intended for TLS server usage:
- https://crt.sh/?id=16024471&opt=cablint
- https://crt.sh/?id=12114285&opt=cablint
Please keep in mind that the responses are considered preliminary and
may be changed until April 22, 2016. And remember that up until about
2010, some CAs were issuing 10 year TLS/SSL certificates, so this may
cause some consternation regarding responses to ACTION #1b.
Also, I still need to add the new "ACTION 1a TEXT INPUT" and "ACTION
1b TEXT INPUT" data to the reports.
Thanks, Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
