On Friday, 15 September 2017 at 10:55:38 UTC+2, [email protected] wrote:
> On Wednesday, 6 September 2017 at 22:38:35 UTC+2, Nick Lamb wrote:
> > Thanks for writing this incident report.
> >
> > The latter of the two certificates was issued after popular web browsers
> > had ceased accepting SHA-1 as far as I understand it. As a result it seems
> > likely that it would not have functioned as expected if a customer deployed
> > it on a Web server. You mention that you reached out to the affected
> > customer, did they indicate that they'd noticed any problem with their
> > certificate? Do you have any reason to think that in practice it was not
> > used? (e.g. customer ordered & received a SHA-256 cert for the same name
> > shortly afterwards).
>
> In fact the customers did not use these certificates.
>
> Best Regards Conny

to review the certificates:
https://crt.sh/?id=210694152
https://crt.sh/?id=210694153

/Conny
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

