Hi All,

This is Jason from the Microsoft PKI Services team. I’d like to add some context to the note about the certs issued from the Microsoft RSA Root Certificate Authority 2017. As you can see, these were all issued to a domain registered to Microsoft. While these clearly violate the Subject profile requirements in Section 7 of the BRs, nearly all the certs listed meet the requirements for Test Certificate as listed in Section 1.6.1 of the BRs, including the presence of the “Test” OID (2.23.140.2.1) in a critical extension. A few of the test issuances did not meet the requirements of 1.6.1 and we have adjusted our policy enforcement mechanisms accordingly as a result. That said, we have created an incident around this for purposes of reporting to our auditors. Please feel free to let me know if you have questions.

Thanks,
Jason Cooper
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

