When I try to upload some of these listed as "Unconstrained id-kp-serverAuth Trust" undisclosed, I get a warning that says, "This certificate is considered to be technically-constrained as per Mozilla policy, so it does not need to be added to the CA Community in Salesforce. All data that you enter into Salesforce will be publicly available, so please make sure you do not enter sensitive information that should not be published. ... I understand, proceed anyways."

I also noticed that some on the list are not publicly trusted because the root is not in the trust store or is not signed by a root that is in the trust store.

Ben

-----Original Message-----
From: dev-security-policy [mailto:[email protected]] On Behalf Of Peter Bowen
Sent: Monday, June 20, 2016 11:59 AM
To: Rob Stradling <[email protected]>
Cc: [email protected]
Subject: Re: Intermediate certificate disclosure deadline in 2 weeks

On Fri, Jun 17, 2016 at 4:12 AM, Rob Stradling <[email protected]> wrote:
> Friendly reminder to all CA representatives:
>
> Don't forget the June 30th deadline! And don't leave it until the
> last minute if you have lots of intermediate certificates to disclose!
>
> https://crt.sh/mozilla-disclosures
> ...lists (under "Unconstrained id-kp-serverAuth Trust: Disclosure is
> required!") the (many!) qualifying intermediate certificates that are
> known to CT and that have not yet been disclosed to Salesforce.

I found one bug in this list -- it is including self-signed certificates, which are not subject to disclosure, as they clearly don't chain back to a root in the Mozilla trust store.

Thanks,
Peter
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

