Hi All,

This is Jason from the Microsoft PKI Services team. I’d like to add some 
context to the note about the certs issued from the Microsoft RSA Root 
Certificate Authority 2017. As you can see, these were all issued to a domain 
registered to Microsoft. While these clearly violate the Subject profile 
requirements in Section 7 of the BRs, nearly all the certs listed meet the 
requirements for Test Certificate as listed in Section 1.6.1 of the BRs, 
including the presence of the “Test” OID ( in a critical 
extension. A few of the test issuances did not meet the requirements of 1.6.1 
and we have adjusted our policy enforcement mechanisms accordingly as a result. 
That said, we have created an incident around this for purposes of reporting to 
our auditors. Please feel free to let me know if you have questions.

Jason Cooper

dev-security-policy mailing list

Reply via email to