> On Aug 8, 2017, at 08:58, Fiedler, Arno via dev-security-policy
> <firstname.lastname@example.org> wrote:
> Dear Mozilla Security Policy Community,
> Thanks for the advice about the short serial numbers and apologies for the
> delayed response.
> Since 2016, all D-TRUST TLS certificates based on electronic Certificate
> Requests have a certificate serial number which includes 64 bits of entropy.
> Between 2012 and July 6th, 2017 we produced a small number of certificates
> with paper-based Certificate Registration Requests using 64 bits of entropy
> in the "DNqualifier" field instead of the serial number field.
> Since the 7th of July, 2017, all D-TRUST TLS-Certificates have 64 bits of
> entropy in the serial number.
> I hope this helps and please do not hesitate to contact us if there are any
> further questions.
It doesn’t look like this certificate has been revoked yet?
Can you explain why it hasn’t been revoked yet and when it will be?
dev-security-policy mailing list