On 09/11/16 18:50, Peter Bowen wrote: > Here are some certs that appear to be for server authentication but > don't have that EKU: > > https://crt.sh/?id=10621190
This one also contains Internal Server Names. And it contains bogus info in the Certificate Policies field. But it's not trusted by Mozilla. > https://crt.sh/?id=32333854 > https://crt.sh/?id=10621157 Both not trusted by Mozilla. > https://crt.sh/?id=12283906 Another BR-non-compliant cert from Postecom - see Digicert's recent post on what's happening there. :-| > https://crt.sh/?id=12797412 This one chains up to the Taiwanese Government Root CA (GRCA). It's not revoked. Seems like a BR violation to me. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
