On Wednesday, October 18, 2017 at 4:15:03 AM UTC-5, Rob Stradling wrote:
> The list is at https://misissued.com/batch/28/
>
> Many of these are Qualified/EUTL certs rather than anything to do with
> the WebPKI. Only about half of them chain to roots that are trusted by NSS.

It's really interesting. Of those which are non-expired and which do chain to publicly trusted roots, a number of these have the term "scada" in one or more of their SAN dnsName entries. I wonder what manufacturers' SCADA control systems utilize Infineon TPMs.

Frankly, the shocking part is that a manufacturer of some SCADA controller or front end bothered to attempt key control in a TPM at all. Those guys tend to be of the "security is a network layer problem, VPN all the things" perspective.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

