On Tue, Aug 29, 2017 at 8:47 AM, Paul Kehrer via dev-security-policy < [email protected]> wrote: > > Symantec / GeoTrust > > CCADB does not list an email address. Not CC'd. > > DN: C=IT, O=UniCredit S.p.A., CN=UniCredit Subordinate External > Example cert: > https://crt.sh/?q=049462100743d2bcb10780e7c4eb2c > e1197a3f8bea7fad5ef9141f008eb1e6ca > OCSP URI: http://ocsp.unicredit.eu/ocsp
Note: There are 7 associated certificates for this CA ( https://crt.sh/?caid=294 ) Of those: 5 are issued by Symantec / GeoTrust: - 1 is expired ( https://crt.sh/?id=9219 ) - 4 are revoked ( https://crt.sh/?id=12722071 / https://crt.sh/?id=6941850 / https://crt.sh/?id=47086214 / https://crt.sh/?id=12165934) 2 are issued by Actalis - 2 are technically constrained sub-CAs ( https://crt.sh/?id=147626411 / https://crt.sh/?id=47081615 ) As they are technically-constrained subordinate CAs, they are (presently) exempted from that MUST requirement. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
