On 09/11/2016 14:26, Rob Stradling wrote:
...
On 09/11/16 13:02, Gervase Markham wrote:
...
I can't seem to
use censys.io to work out why it thinks we trust it, because I thought
that we didn't trust all of that stuff.
Paths from this cert up to an NSS built-in root do exist, but they all
contain at least one expired or revoked intermediate.
I'm guessing that Censys isn't considering the revocation status of
intermediates in the manner that crt.sh does.
See here: https://crt.sh/?caid=373&opt=mozilladisclosure
Did I hear rumors that some browsers don't check this either?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
