On Monday, 16 May 2016 at 12:09:27 UTC+3, Rob Stradling wrote:
> On 15/05/16 07:39, Charles Reiss wrote:
> > On 04/13/16 20:32, Kathleen Wilson wrote:
> >> All,
> >>
> >> I have added links to reports of the responses to the March 2016 CA
> >> Communication survey:
> >>
> >> https://wiki.mozilla.org/CA:Communications#March_2016_Responses
> >
> > For question 1a, TeliaSonera indicated "2015 Oct 20", but the following
> > SHA-1 server certificate has a notBefore of 17 March 2016 and appears to
> > chain to TeliaSonera Root v1:
> > https://censys.io/certificates/ff7f4a0f23205127347018555628b05d11a355ed92e9aa59d5eabda750f0f622
> 
> Hi Charles.
> 
> See also https://crt.sh/?id=15647440
> (This page failed to display the certificate details until I fixed a bug 
> just now, which could explain why you quoted the Censys page instead ;-) )
> 
> -- 
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online

TeliaSonera (now known as Telia Company) made a human error when enrolling
the SHA1 certificate mentioned above using manual methods. The BR restriction
had not been properly communicated to all Registration Officers. The
certificate was enrolled because the customer's old server couldn't handle SHA-2.

This certificate was not included in our reply because our SHA1 listing for
the reply was based only on our normal issuance method. We have now checked
the whole SSL database, and this was the only SHA exception.

We will technically prevent this from happening again by disabling the old 
configurations which are required to issue our SHA1 certificates. We'll also 
improve our instructions for Registration Officers.

Pekka Lahtiharju
Senior Development Manager
Telia Company CA
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
