On 07/09/16 15:01, Thijs Alkemade wrote: <snip> > What is suspicious is: > > - Twice as many SHA-1 certificates being issued on a specific Sunday in > December than the daily average that month. (Which also happens to be the > date on the certificates which I personally got from the StartEncrypt API.)
There could be an entirely innocent explanation for this. Lots of people were stockpiling SHA-1 certs during December 2015. Daily certificate issuance rates do vary. > - The long difference between the notBefore and the embedded SCTs, if any. > - Some of these certificates having an almost identical copy issued using > SHA-256 on a date in January. If the SHA-1 cert has embedded SCTs, then the > SHA-256 cert has them too and the SCTs of both certs are less than a minute > apart. > > Of course, I can’t present hard cryptographic evidence that these > certificates did not exist then, but I fear nothing can. Indeed. -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online Office Tel: +44.(0)1274.730505 Office Fax: +44.(0)1274.730909 www.comodo.com COMODO CA Limited, Registered in England No. 04058690 Registered Office: 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to the e-mail containing this attachment. Replies to this email may be monitored by COMODO for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy