Hi Rufus. I'm not aware of any root program or CABForum requirement that supports your interpretation.
On 13/12/2018 12:26, Rufus Buschart wrote: > Very nice! Are you sure, that this requirement is only valid for "Root > CAs"? I was always under the impression, that such a test web site needs > to be hosted for every "Issuing CA that chains up to a publicly trusted > Root CA". > > /Rufus > > What we do in life, echoes in eternity. > =========================================== > Rufus J.W. Buschart > Anna-Pirson-Weg 1c > 91052 Erlangen > Phone: +49 (0)9131 - 530 15 85 > Mobile: +49 (0)152 - 228 94 134 > Web: http://www.buschart.de > > > Am Do., 13. Dez. 2018 um 12:18 Uhr schrieb Rob Stradling > <[email protected] <mailto:[email protected]>>: > > Thanks to Kathleen for suggesting/requesting this new crt.sh feature... > > To facilitate compliance checking for the 3 test websites that BR 2.2 > [1] requires for each root certificate, I've created this new report: > > https://crt.sh/test-websites > > Anything in red on this page represents either: a > misconfigured/non-compliant test website, a bug in my code, or an > interesting edge case worthy of further discussion. > > Each test website is currently rechecked every 10 minutes. The code > for > the checker application is available at [2]. > > > [1] > https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.5.9.pdf > "2.2. PUBLICATION OF INFORMATION > ... > The CA SHALL host test Web pages that allow Application Software > Suppliers to test their software with Subscriber Certificates that > chain > up to each publicly trusted Root Certificate. At a minimum, the CA > SHALL > host separate Web pages using Subscriber Certificates that are (i) > valid, (ii) revoked, and (iii) expired." > > [2] https://github.com/crtsh/test_websites_monitor > > -- > Rob Stradling > Senior Research & Development Scientist > Sectigo Limited > > -- > You received this message because you are subscribed to the Google > Groups "crt.sh" group. > To unsubscribe from this group and stop receiving emails from it, > send an email to [email protected] > <mailto:crtsh%[email protected]>. > To post to this group, send an email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web, visit > > https://groups.google.com/d/msgid/crtsh/2615a68e-9626-8d77-86f4-78dd64c04b3d%40sectigo.com. > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google > Groups "crt.sh" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] > <mailto:[email protected]>. > To post to this group, send email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web, visit > https://groups.google.com/d/msgid/crtsh/CAFnsKvjnAT6RZohgQNUEi5%3Dzxp-qDGxCi_K5jKOjwpvA%3DPZQAA%40mail.gmail.com > > <https://groups.google.com/d/msgid/crtsh/CAFnsKvjnAT6RZohgQNUEi5%3Dzxp-qDGxCi_K5jKOjwpvA%3DPZQAA%40mail.gmail.com?utm_medium=email&utm_source=footer>. > For more options, visit https://groups.google.com/d/optout. -- Rob Stradling Senior Research & Development Scientist Email: [email protected] Bradford, UK Office: +441274024707 Sectigo Limited This message and any files associated with it may contain legally privileged, confidential, or proprietary information. If you are not the intended recipient, you are not permitted to use, copy, or forward it, in whole or in part without the express consent of the sender. Please notify the sender by reply email, disregard the foregoing messages, and delete it immediately. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy

