On Sat, Sep 03, 2016 at 02:18:44PM -0700, Peter Bowen wrote:
> Can you also please check the following two certificates?  It looks
> like they were missed when logging all the 2015 certs.
> https://www.censys.io/certificates/c04748c89de2bf73d56b601cf61db32953dfeca5ef62e0281d326c4ce9035fe2
> https://www.censys.io/certificates/d99309f071141454f805c13551a827aa116bb53daefd8609e296c06b0dcdf720
> Additionally, it looks like there may be a gap in logging for 2016.
> For example, 
> https://www.censys.io/certificates/06797f8095ba4d9c9ec5b9475cff7df3b258069cc89f303cd91dc329eaf0c08f
> does not show up in any log.

Our of curiosity, is anyone keeping a tally of the number of times WoSign
has said, "yep, they're all logged now", only to have more unlogged
certificates turn up?  This is starting to feel like a bit of a repeat of
DigiNotar, insofar as a CA doesn't appear to have a clear record of all

- Matt

dev-security-policy mailing list

Reply via email to