On Tuesday, August 29, 2017 at 12:51:05 PM UTC-4, Ryan Sleevi wrote: > On Tue, Aug 29, 2017 at 8:47 AM, Paul Kehrer via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > > Symantec / GeoTrust > > > > CCADB does not list an email address. Not CC'd. > > > > DN: C=IT, O=UniCredit S.p.A., CN=UniCredit Subordinate External > > Example cert: > > https://crt.sh/?q=049462100743d2bcb10780e7c4eb2c > > e1197a3f8bea7fad5ef9141f008eb1e6ca > > OCSP URI: http://ocsp.unicredit.eu/ocsp > > > Note: There are 7 associated certificates for this CA ( > https://crt.sh/?caid=294 ) > > Of those: > 5 are issued by Symantec / GeoTrust: > - 1 is expired ( https://crt.sh/?id=9219 ) > - 4 are revoked ( https://crt.sh/?id=12722071 / https://crt.sh/?id=6941850 > / https://crt.sh/?id=47086214 / https://crt.sh/?id=12165934) > 2 are issued by Actalis > - 2 are technically constrained sub-CAs ( https://crt.sh/?id=147626411 / > https://crt.sh/?id=47081615 ) > > As they are technically-constrained subordinate CAs, they are (presently) > exempted from that MUST requirement.
IdenTrust acknowledge this post and will begin reviewing. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy