Thanks Kathleen.
PublicAllIntermediateCertsCSV is missing quite a few entries compared to
my own CSV export of the "All Public Intermediate Certs" report.
I've reviewed the differences. It looks like you're now omitting
incomplete records and records for intermediates that didn't actually
need to be disclosed. I presume this is a deliberate change, and I think
it makes sense.
In case anyone's interested, here's a list of the currently disclosed
intermediates that aren't in PublicAllIntermediateCertsCSV:
https://docs.google.com/spreadsheets/d/1nd2ie-JsS2CxMOX5nBGQgQEelhmkq-OcTKkvCe4U42Q/edit?usp=sharing
One oddity: Some intermediates (e.g. https://crt.sh/?id=17014784)
contain the EKU extension with the MS SGC and/or NS Step-Up OIDs and
_not_ id-kp-serverAuthentication. The policy says that these don't need
to be disclosed, but Firefox does trust them as issuers of server
authentication certs.
On 16/05/16 19:27, Kathleen Wilson wrote:
The new reports are at the following new links. A couple columns were added:
'Parent Name', 'SHA-256 Fingerprint'.
https://mozillacaprogram.secure.force.com/CA/PublicAllIntermediateCerts
https://mozillacaprogram.secure.force.com/CA/PublicAllIntermediateCertsCSV
I have also updated the links in the wiki page.
https://wiki.mozilla.org/CA:SubordinateCAcerts
Thanks,
Kathleen
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
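The "oddity" in the message above can be checked mechanically. The following is an added example, not code from the thread or from Mozilla; it flags intermediates whose EKU exempts them from disclosure while a client that honours the MS SGC and NS Step-Up OIDs would still accept them as TLS issuers. Both rules are simplified assumptions modelled on the message, and the sample records are constructed.

```python
# Standard registered OIDs for the key purposes named in the message.
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"      # id-kp-serverAuth
MS_SGC = "1.3.6.1.4.1.311.10.3.3"      # Microsoft Server Gated Crypto
NS_STEP_UP = "2.16.840.1.113730.4.1"   # Netscape Step-Up
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"      # id-kp-clientAuth
EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4" # id-kp-emailProtection


def policy_requires_disclosure(eku):
    """Assumed, simplified policy rule: an intermediate must be disclosed
    when it has no EKU extension (eku is None) or its EKU lists serverAuth."""
    return eku is None or SERVER_AUTH in eku


def client_accepts_as_tls_issuer(eku):
    """Assumed model of the client behaviour described in the message:
    SGC and Step-Up OIDs in a CA certificate count like serverAuth."""
    return eku is None or bool(eku & {SERVER_AUTH, MS_SGC, NS_STEP_UP})


def disclosure_gaps(intermediates):
    """Return the names of intermediates that the client would trust for
    server authentication but that the policy rule does not cover."""
    return [
        name
        for name, eku in intermediates
        if client_accepts_as_tls_issuer(eku) and not policy_requires_disclosure(eku)
    ]


# Constructed sample records: (name, set of EKU OIDs or None if no EKU).
SAMPLE = [
    ("Constructed CA A", None),
    ("Constructed CA B", {SERVER_AUTH, CLIENT_AUTH}),
    ("Constructed CA C", {MS_SGC, NS_STEP_UP}),
    ("Constructed CA D", {EMAIL_PROTECTION}),
    ("Constructed CA E", {NS_STEP_UP, CLIENT_AUTH}),
]

if __name__ == "__main__":
    for name in disclosure_gaps(SAMPLE):
        print("trusted for TLS issuance but exempt from disclosure:", name)
```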