On Tuesday, March 13, 2018 at 3:33:50 AM UTC-5, Tom wrote:
> > During final tests for the general availability of wildcard 
> certificate support, the Let's Encrypt operations team issued six test 
> wildcard certificates under our publicly trusted root:
>  >
>  > https://crt.sh/?id=353759994
>  > https://crt.sh/?id=353758875
>  > https://crt.sh/?id=353757861
>  > https://crt.sh/?id=353756805
>  > https://crt.sh/?id=353755984
>  > https://crt.sh/?id=353754255
>  >
> Somebody noticed there 
> https://community.letsencrypt.org/t/acmev2-and-wildcard-launch-delay/53654/62 
> that the certificate of *.api.letsencrypt.org (apparently currently in 
> use), issued by "TrustID Server CA A52" (IdenTrust) seams to have the 
> same problem:
> https://crt.sh/?id=8373036&opt=cablint,x509lint

I think it's just a coincidence that we got a wildcard cert from IdenTrust a 
long time ago and it happens to have the same encoding issue that we ran into. 
I notified IdenTrust in case they haven't fixed the problem since then.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to