On 28/10/16 16:11, Patrick Figel wrote: > I found a number of SHA-1 certificates chaining up to CAs trusted by > Mozilla that have not been brought up on this list or on Bugzilla yet. > Apologies in case I missed prior discussion for any of these, and kudos > to censys for making this search incredibly easy.
See also: https://crt.sh/?cablint=211&minNotBefore=2016-01-01 (Note: This shows all SHA-1 certs with notBefore dates in 2016 that are known to crt.sh. Some of these certs might not be trusted by Mozilla) -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
