On Monday, 11 September 2017 12:38:38 UTC+2, Gervase Markham wrote:
> Hi Connie,
>
> On 06/09/17 20:38, [email protected] wrote:
> > SwissSign has identified the following incident:
> > two certificates signed with SHA1: Violation BR 7.3.1
>
> Thank you for this report. There have been a couple of reasonable
> follow-up questions here in the m.d.s.p. group; could you please answer
> them?
>
> > 6)
> > The additional functionality introduced in January 2017 had a weak point.
> > This vulnerability was only found because of the detailed error analysis
> > performed by finding the certificate that was misissued.
> > The misissued certificates were detected by the improved quality control.
> > No further measures are currently planned.
>
> Have automated tests been put in place to make sure the operation of
> reissuing a SHA-1 certificate always fails, even after further updates
> to the software?
>
> Gerv

Hi Gerv,

Technically, the CA is now disabled from signing certificates using SHA1.

Conny

