Apparently they haven’t yet, but we’ll assume that they will. Does the community expect a remediation plan for their code and then a revocation-and-replacement plan?
Ben Wilson, JD, CISA, CISSP
VP Compliance
+1 801 701 9678

From: Alex Gaynor [mailto:agay...@mozilla.com]
Sent: Friday, August 11, 2017 8:31 AM
To: Ben Wilson <ben.wil...@digicert.com>
Cc: Jeremy Rowley <jeremy.row...@digicert.com>; Jonathan Rudenberg <jonat...@titanous.com>; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Certificates with less than 64 bits of entropy

Have they fixed whatever issue there is with their PKI infrastructure that leads to this issue? From skimming, I see this pool contains certs issued as recently as one month ago.

Alex

On Fri, Aug 11, 2017 at 10:26 AM, Ben Wilson via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

With regard to Siemens, given the large number of certificates and the disruption that massive revocations will have on their infrastructure, what does this community expect them to do?

-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-bounces+ben=digicert....@lists.mozilla.org] On Behalf Of Jeremy Rowley via dev-security-policy
Sent: Thursday, August 10, 2017 12:01 PM
To: Jonathan Rudenberg <jonat...@titanous.com>; mozilla-dev-security-pol...@lists.mozilla.org
Subject: RE: Certificates with less than 64 bits of entropy

Hi Jonathan,

InfoCert's sub CA was revoked on August 1, 2017. We'll reach out to Siemens. They moved to Quovadis a while ago and are no longer issuing from that Sub CA.

Jeremy

-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert....@lists.mozilla.org] On Behalf Of Jonathan Rudenberg via dev-security-policy
Sent: Thursday, August 10, 2017 9:26 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Certificates with less than 64 bits of entropy

> On Aug 10, 2017, at 11:20, Jonathan Rudenberg via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
>
> QuoVadis (560)
>     Siemens Issuing CA Internet Server 2016 (560)
>
> D-TRUST (224)
>     D-TRUST SSL Class 3 CA 1 2009 (178)
>     D-TRUST SSL Class 3 CA 1 EV 2009 (45)
>     D-TRUST Root Class 3 CA 2 EV 2009 (1)
>
> DigiCert (85)
>     Siemens Issuing CA Class Internet Server 2013 (82)
>     InfoCert Web Certification Authority (3)
>
> Izenpe S.A. (62)
>     EAEko Herri Administrazioen CA - CA AAPP Vascas (2) (62)
>
> Government of The Netherlands, PKIoverheid (Logius) (55)
>     Digidentity Services CA - G2 (55)
>
> Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) (38)
>     Cihaz Sertifikası Hizmet Sağlayıcı - Sürüm 4 (38)

It looks like my summary missed one QuoVadis intermediate:

Bayerische SSL-CA-2016-01 (3)

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy