> On Aug 8, 2017, at 08:58, Fiedler, Arno via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > Dear Mozilla Security Policy Community, > > Thanks for the advice about the short serial numbers and apologies for the > delayed response. > > Since 2016, all D-TRUST TLS certificates based on electronic Certificate > Requests have a certificate serial number which includes 64 bits of entropy. > > Between 2012 and July 6th, 2017 we produced a small number of certificates > with paper-based Certificate Registration Requests using 64 bits of entropy > in the "DNqualifier" field instead of the serial number field. > > Since the 7th of July, 2017, all D-TRUST TLS-Certificates have 64 bits of > entropy in the serial number. > > I hope this helps and please do not hesitate to contact us if there are any > further questions.
Hi Arno, It doesn’t look like this certificate has been revoked yet? https://crt.sh/?id=174827359&opt=cablint Can you explain why it hasn’t been revoked yet and when it will be? Thanks, Jonathan _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy