We will check this tomorrow. Now our time is 23:32 at night.
Regards, Richard > On 2 Sep 2016, at 23:20, Peter Bowen <[email protected]> wrote: > >> On Fri, Sep 2, 2016 at 8:11 AM, Richard Wang <[email protected]> wrote: >> Yes, we posted all 2015 issued SSL from WoSign trusted root. >> >>> On 2 Sep 2016, at 22:55, Peter Bowen <[email protected]> wrote: >>> Based on CT logs, I have seen certificates from the CAs below, all of >>> which have "WoSign" in the name. Have you logged all certificates >>> which are signed by these CAs and have a notBefore date of >>> 20150101000000Z or later to the WoSign CT log? > > Richard, > > It seems then there is a newly exposed bug. > https://www.censys.io/certificates/e2665bb07940b5bee73145f47c99dcf5781edbe9d78f9cada8f1d702d5e340ad > shows a certificate issued by your CA that has a notBefore in March > 2015. It does not appear in the CT log. However another certificate > with identical serial number and subject, but different Validity, does > appear in the log. > > Are you aware of a bug where you were issuing certificates identical > except for validity period? > > Thanks, > Peter
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
