Dear all,

In response to Mr. Gaynor's email reporting a mis-issued certificate, the owner
of the certificate has been contacted to request its revocation. Our
compromise is to have it revoked by this afternoon at the latest.

After reviewing the problem, we believe that, given the issuance date of the
reported certificate (Jul 29 07:13:34 2016 GMT), this is another case of
"Non-BR-Compliant Certificate" that was not detected when the following bug
was filed and treated:

 

https://bugzilla.mozilla.org/show_bug.cgi?id=1390988 

 

We will perform further investigations in order to see if there are more cases 
we missed at that moment. We will also check if the conditions that allowed our 
system to issue this certificate are consistent with the problem and corrective 
actions already reported in the existing bug. If not, we will file a new bug. 

 

Looking forward to your comments, 

 

Thank you, 

Francesc Ferrer i Grevolosa
Technology Area
Consorci Administració Oberta de Catalunya
Tànger, 98 (planta baixa) 08018 Barcelona
tel: 93 272 40 00
http://www.aoc.cat/ - @consorciaoc


From: Alex Gaynor [mailto:[email protected]]
Sent: Monday, 8 January 2018 20:53
To: incident_pki <[email protected]>
Subject: Misissued certificate

 

Hello,

 

I'm reporting a mis-issued certificate: https://crt.sh/?id=284511547&opt=cablint

 

The dNSName SAN in this certificate is not a domain name, but is instead a URI, 
in violation of RFC5280/BRs. I am requesting this certificate be revoked and a 
post-mortem sent to the mozilla.dev.security.policy mailing list.

 

Thanks,

Alex
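
The dNSName problem reported in this thread, as an added example that is not part of the original messages: a simplified Python check that flags dNSName SAN values that are not domain names, such as a URI. It is not cablint's implementation; the function names and the sample SAN values are constructed for illustration, and the values are assumed to be already extracted from the certificate as strings.

```python
import re

# One DNS label in "preferred name syntax" (RFC 1034 section 3.5, with the
# RFC 1123 relaxation that a label may start with a digit).
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# A URI scheme followed by "://", e.g. "https://".
_SCHEME = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://")


def lint_dns_name(value):
    """Return the problems found in one dNSName SAN value (empty list = OK)."""
    problems = []
    if _SCHEME.match(value):
        problems.append("looks like a URI, not a domain name")
    # A single leading "*." is the wildcard form the BRs allow.
    name = value[2:] if value.startswith("*.") else value
    if len(name) > 253:
        problems.append("longer than 253 characters")
    labels = name.split(".")
    if len(labels) < 2:
        problems.append("fewer than two labels, not an FQDN")
    for label in labels:
        if not _LABEL.fullmatch(label):
            problems.append("invalid label: %r" % label)
    return problems


def lint_san_list(dns_names):
    """Map each non-compliant dNSName value to its list of problems."""
    report = {}
    for value in dns_names:
        problems = lint_dns_name(value)
        if problems:
            report[value] = problems
    return report


if __name__ == "__main__":
    # Constructed sample values, not taken from the reported certificate.
    sample = ["www.example.com", "*.example.com",
              "https://www.example.com/", "-bad.example.com"]
    for value, problems in lint_san_list(sample).items():
        print(value, "->", "; ".join(problems))
```

Running a check of this kind before signing, rather than after issuance, is what keeps a URI out of a dNSName entry in the first place.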
