The CTJ one was issued in 2013 and is a five year cert (which was also 
prohibited under the BRs at that time_.  It should have been revoked much 
earlier, of course.

-----Original Message-----
From: dev-security-policy 
 On Behalf Of Jonathan Rudenberg via dev-security-policy
Sent: Saturday, August 12, 2017 7:53 PM
Subject: Certificates with reserved IP addresses

Baseline Requirements section prohibits ipAddress SANs from 
containing IANA reserved IP addresses and any certificates containing them 
should have been revoked by 2016-10-01.

There are seven unexpired unrevoked certificates that are known to CT and 
trusted by NSS containing reserved IP addresses.

The full list can be found at:

    TI Trust Technologies Global CA (5)
    Cybertrust Japan Public CA G2 (1)

    PSCProcert (1)

It’s also worth noting that three of the "TI Trust Technologies” certificates 
contain dnsNames with internal names, which are prohibited under the same BR 

dev-security-policy mailing list

Attachment: smime.p7s
Description: S/MIME cryptographic signature

dev-security-policy mailing list

Reply via email to