This one is interesting since the domain name of the CRL resolves to an RFC 
1918 IP address. Surely that is a violation of the baseline requirements.

https://crt.sh/?sha256=b82210cde9ddea0e14be29af647e4b32f96ed2a9ef1aa5baa9cc64b38b6c01ca

Regards

Rich.


On Thursday, June 8, 2017 at 12:45:25 AM UTC+1, Jonathan Rudenberg wrote:
> > On Jun 5, 2017, at 09:29, Alex Gaynor via dev-security-policy 
> > <dev-security-policy@lists.mozilla.org> wrote:
> > 
> > Happy Monday!
> > 
> > Another week, another set of intermediate certs that have shown up in CT
> > without having been properly disclosed:
> > https://crt.sh/mozilla-disclosures#undisclosed
> 
> Yet another batch of undisclosed intermediates has shown up in CT:
> 
> - 
> https://crt.sh/?sha256=f01c1aca392882af152e9f01ecccd0afddd8aa35bf895b003198b1e8c752ddb8
> - 
> https://crt.sh/?sha256=29d8ac29f9007a6ad7923fdade32ef814ba3c6751551cf765416e8dbd8ff7619
> - 
> https://crt.sh/?sha256=c02739e63880368967bb27fedf0a5749aeaf62a2328c09a7a33e876b4f27adca
> - 
> https://crt.sh/?sha256=b82210cde9ddea0e14be29af647e4b32f96ed2a9ef1aa5baa9cc64b38b6c01ca
> - 
> https://crt.sh/?sha256=8e8c6ebf77dc73db3e38e93f4803e62b6b5933beb51ee4152f68d7aa14426b31
> - 
> https://crt.sh/?sha256=48db8801874e0e36b1b864603b31648b74e2322a8f9e4967a8f54bd1b8f594de
> - 
> https://crt.sh/?sha256=1bc400808ab07b775c811c631d75ab38fe7be7df6967f5b384bfe8dc9ef807c6
> - 
> https://crt.sh/?sha256=f1f072c64d69e573725533e83a601bb8b068f6699e59ba70eda2aecb28e06bfb

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to