Yes, that fixed "Microsoft IT SSL SHA2".
The imaginary 280D03194C3141D51152AC160FD1DF675BABFBDA cert has gone.
The real 948E1652586240D453287AB69CAEB8F2F4F02117 cert is now shown as
"Disclosed" on crt.sh.

On 09/05/16 21:27, Ben Wilson wrote:
I think I fixed it by pasting in the right PEM.

-----Original Message-----
From: Rob Stradling [mailto:[email protected]]
Sent: Monday, May 9, 2016 2:07 PM
To: [email protected]; Ben Wilson
<[email protected]>
Subject: Data entry errors (was Re: Undisclosed CA certificates)

On 04/05/16 12:06, Rob Stradling wrote:
<snip>
I'm aiming to produce an (automatically updated) list of CA
certificates that are known to CT but are not (yet) in SalesForce.

As promised, here it is...
https://crt.sh/mozilla-disclosures

This entry is currently in the "Disclosed; Unknown to crt.sh" list:
Microsoft IT SSL SHA2 - 9aa9 Baltimore Baltimore CyberTrust Root
Microsoft Corporation Microsoft IT SSL SHA2
280D03194C3141D51152AC160FD1DF675BABFBDA

However, when I search for 280D03194C3141D51152AC160FD1DF675BABFBDA in
Salesforce, it brings up a record that actually seems to be for this
certificate (which crt.sh currently shows as "Undisclosed, but disclosure is
required!"):
https://crt.sh/?sha1=948e1652586240d453287ab69caeb8f2f4f02117

The "X.509 Certificate (PEM)" field in that Salesforce record contains two
copies of the 948e1652586240d453287ab69caeb8f2f4f02117 cert. This might be
what caused the wrong hash to be calculated.

IINM, it is (still) Mozilla's intention to eventually generate a whitelist
of disclosed intermediates, such that only whitelisted or Technically
Constrained intermediates will be trusted by Firefox. If so, then errors of
this sort could pose a significant problem at some point in the future!

Ben: You might want to fix this record in Salesforce.

Kathleen: Is it possible to persuade Salesforce to validate the entered data
correctly, so that CAs are alerted when something like this happens?

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
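
An added example, not part of the original thread and not Salesforce's or crt.sh's code: a check of the kind requested above, which accepts a PEM field only if it holds exactly one certificate and returns the SHA-1 of its DER bytes. `naive_fingerprint` models the assumed failure (hashing everything in the field together); the sample certificate is a constructed stand-in with DER framing only, and all function names are hypothetical.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_blocks(field: str) -> list[bytes]:
    """Return the DER bytes of every CERTIFICATE block in a PEM text field."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_BLOCK.findall(field)]

def sha1_hex(der: bytes) -> str:
    return hashlib.sha1(der).hexdigest().upper()

def naive_fingerprint(field: str) -> str:
    """Assumed faulty behaviour: hash all decoded bytes in the field together."""
    return sha1_hex(b"".join(pem_blocks(field)))

def validate_pem_field(field: str) -> str:
    """Accept exactly one well-framed certificate; return its SHA-1 fingerprint."""
    blocks = pem_blocks(field)
    if len(blocks) != 1:
        raise ValueError(f"expected 1 certificate, found {len(blocks)}")
    der = blocks[0]
    # Outer framing only (simplification): SEQUENCE tag with a 2-byte long-form
    # length that covers exactly the remaining bytes, so no trailing data.
    if (len(der) < 4 or der[0] != 0x30 or der[1] != 0x82
            or int.from_bytes(der[2:4], "big") != len(der) - 4):
        raise ValueError("block is not a single DER SEQUENCE")
    return sha1_hex(der)

def to_pem(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed stand-in: DER framing around filler bytes, not a real certificate.
_payload = bytes(range(256)) * 2
SAMPLE_DER = b"\x30\x82" + len(_payload).to_bytes(2, "big") + _payload
SINGLE = to_pem(SAMPLE_DER)
DOUBLED = SINGLE + SINGLE  # the same certificate pasted twice into one field

if __name__ == "__main__":
    print("single :", validate_pem_field(SINGLE))
    print("naive  :", naive_fingerprint(DOUBLED))
    try:
        validate_pem_field(DOUBLED)
    except ValueError as err:
        print("rejected:", err)
```
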