On Sat, Sep 03, 2016 at 02:18:44PM -0700, Peter Bowen wrote: > Can you also please check the following two certificates? It looks > like they were missed when logging all the 2015 certs. > > https://www.censys.io/certificates/c04748c89de2bf73d56b601cf61db32953dfeca5ef62e0281d326c4ce9035fe2 > https://www.censys.io/certificates/d99309f071141454f805c13551a827aa116bb53daefd8609e296c06b0dcdf720 > > Additionally, it looks like there may be a gap in logging for 2016. > For example, > https://www.censys.io/certificates/06797f8095ba4d9c9ec5b9475cff7df3b258069cc89f303cd91dc329eaf0c08f > does not show up in any log.
Our of curiosity, is anyone keeping a tally of the number of times WoSign has said, "yep, they're all logged now", only to have more unlogged certificates turn up? This is starting to feel like a bit of a repeat of DigiNotar, insofar as a CA doesn't appear to have a clear record of all issuance. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy