Hello,

> SECOM indicated 2015 Dec 31 but the following certificate has a notBefore of 7 
> Jan 2016:
> - https://crt.sh/?id=12090324&opt=cablint

We checked again and found the last day issued was January 26, 2016.
Those were already revoked.
The customer was informed that the last day to issue SHA-1 certificates 
was December 31, 2015.
However, it seems that the announcement was not enough to stop issuing, thus we 
took a measure to technically stop issuing SHA-1 SSL certificates.

Best regards,
Hisashi Kamo

> -----Original Message-----
> From: dev-security-policy [mailto:[email protected]] On Behalf Of Charles Reiss
> Sent: Tuesday, May 10, 2016 4:40 AM
> To: [email protected]
> Subject: Re: March 2016 CA Communication Responses
> 
> On 04/13/16 20:32, Kathleen Wilson wrote:
> > All,
> >
> > I have added links to reports of the responses to the March 2016 CA
> > Communication survey:
> >
> > https://wiki.mozilla.org/CA:Communications#March_2016_Responses
> 
> For the responses to Question 1a:
> 
> DocuSign (OpenTrust/Keynectis) indicated 2015 Dec 31 but the following 
> certificate has a notBefore of 10 Feb 2016 and,
> according to its CRL, was revoked 11 Feb 2016:
> - https://crt.sh/?id=16157906&opt=cablint
> 
> Government of France indicated by 2015 Dec 31 but the following certificate 
> has notBefores of 11 Jan 2016 and 18 April
> 2016:
> - https://crt.sh/?id=12129393&opt=cablint
> - https://crt.sh/?id=18777122&opt=cablint
> 
> SECOM indicated 2015 Dec 31 but the following certificate has a notBefore of 7 
> Jan 2016:
> - https://crt.sh/?id=12090324&opt=cablint
> 
> T-Systems International GmbH (Deutsche Telekom) indicated 2016 Jan 15 with 
> "revoked: 02/02/2016" in the comment, but
> the following certificate has a notBefore of 9 March 2016:
> - https://crt.sh/?id=15019496&opt=cablint
> 
> 
> For the responses to Question 4:
> 
> Government of France indicated "None of the above", but the following 
> certificates include the id-kp-serverAuth EKU but
> no dNSName or iPAddress SAN:
> - https://crt.sh/?id=12129393&opt=cablint
> - https://crt.sh/?id=18777122&opt=cablint
> 
> Government of Hong Kong (SAR) indicated "None of the above", but these 
> certificates (which chain to Hongkong Post Root
> CA 1) are lacking SAN entries and appear to be intended for TLS server usage:
> - https://crt.sh/?id=16024471&opt=cablint
> - https://crt.sh/?id=12114285&opt=cablint
> 
> 
> 
> >
> > Please keep in mind that the responses are considered preliminary and
> > may be changed until April 22, 2016. And remember that up until about
> > 2010, some CAs were issuing 10 year TLS/SSL certificates, so this may
> > cause some consternation regarding responses to ACTION #1b.
> >
> > Also, I still need to add the new "ACTION 1a TEXT INPUT" and "ACTION
> > 1b TEXT INPUT" data to the reports.
> >
> > Thanks, Kathleen
> >
> 
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy
