On Sunday, October 30, 2016 at 4:19:12 AM UTC-7, Han Yuwei wrote:
> According to their CPS (Chinese version 3.2 Jul.2016),
>
> 1. All CAs can issue SM2 certificates and use SM3 Hash.
>
> 2. There is a "signing key" generated by subscriber and "encryption key"
> generated by CFCA which is transmitted to subscriber.
>
> 3. For SSL certificate, the longest valid duration is 5 years, which is much
> more than 39 months.
>
> Are those conflicting with Mozilla's policy?

https://www.ssllabs.com/ssltest/analyze.html?d=www.cfca.com.cn

This server is vulnerable to the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) and insecure. Grade set to F.

Rather ironical for a CA's official site, isn't it?

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy