On Wednesday, 15 February 2017 22:02:50 UTC, Rob Stradling  wrote:
> This currently unrevoked cert has a SHA-1/RSA signature, the serverAuth 
> EKU and CN=hmrcset.trustis.com:
> https://crt.sh/?id=50773741&opt=cablint
> 
> It lacks the SAN extension, but that doesn't excuse it from the ban on 
> SHA-1!

At time of writing this certificate is installed on a web server, although I 
think only to re-direct visitors to the plain HTTP site. Whether the CA 
believed it would be used on a web server or not, that's what was done.

https://hmrcset.trustis.com/

It's not clear to me whether this is a brochure site, and thus can just be 
upgraded or if it's actually part of the described HMRC SET system itself. 
Either way it's on the web.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to