What's it going to take for mozilla to set up near real-time monitoring/auditing of certs showing up in ct logs?
Lee On 8/9/17, Alex Gaynor via dev-security-policy <[email protected]> wrote: > (Whoops, accidentally originally CC'd to m.d.s originally! Original mail > was to IdenTrust) > > Hi, > > The following certificates appear to be misissued: > > https://crt.sh/?id=77893170&opt=cablint > https://crt.sh/?id=77947625&opt=cablint > https://crt.sh/?id=78102129&opt=cablint > https://crt.sh/?id=92235995&opt=cablint > https://crt.sh/?id=92235998&opt=cablint > > All of these certificates have a pathLenConstraint value with CA:FALSE, > this violates 4.2.1.9 of RFC 5280: CAs MUST NOT include the > pathLenConstraint field unless the cA boolean is asserted and the key usage > extension asserts the keyCertSign bit. > > Alex > > -- > "I disapprove of what you say, but I will defend to the death your right to > say it." -- Evelyn Beatrice Hall (summarizing Voltaire) > "The people's good is the highest law." -- Cicero > GPG Key fingerprint: D1B3 ADC0 E023 8CA6 > > > > > -- > "I disapprove of what you say, but I will defend to the death your right to > say it." -- Evelyn Beatrice Hall (summarizing Voltaire) > "The people's good is the highest law." -- Cicero > GPG Key fingerprint: D1B3 ADC0 E023 8CA6 > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
