> On Aug 8, 2017, at 08:58, Fiedler, Arno via dev-security-policy 
> <dev-security-policy@lists.mozilla.org> wrote:
> Dear Mozilla Security Policy Community,
> Thanks for the advice about the short serial numbers and apologies for the 
> delayed response.
> Since 2016, all D-TRUST TLS certificates based on electronic Certificate 
> Requests have a certificate serial number which includes 64 bits of entropy.
> Between 2012 and July 6th, 2017 we produced a small number of certificates 
> with  paper-based Certificate Registration Requests using 64 bits of entropy 
> in the "DNqualifier" field instead of the serial number field.
> Since the 7th of July, 2017, all D-TRUST TLS-Certificates have 64 bits of 
> entropy in the serial number.
> I hope this helps and please do not hesitate to contact us if there are any 
> further questions.

Hi Arno,

It doesn’t look like this certificate has been revoked yet? 

Can you explain why it hasn’t been revoked yet and when it will be?


dev-security-policy mailing list

Reply via email to