One of their CPSes says that Policy OID is for a "Device Certificate" (Assurance Level 2), which is separate than a TLS server certificate with an OID of 1.3.6.1.4.1.40869.1.1.21 (Assurance Level 3), both are very similar, but I don't know what the distinction is between the two types.
On Mon, Nov 1, 2021 at 7:39 AM Oscar Koeroo <[email protected]> wrote: > Hello, > > I've been doing some scanning on a few million pages and consistently see > the policy OIDs for DV, IV, OV, QWAC in the scopes of ETSI, CA/B or others. > > The certificate found on the site "https://ettoday.net"; I can't determine > the assurance policy. > > Example certificate: > Subject: CN=*.ettoday.net,OU=RD,O=ET New Media Holding Co.\, > Ltd.,L=Taipei,ST=Taiwan,C=TW > Issuer: CN=TWCA Secure SSL Certification Authority,OU=Secure SSL > Sub-CA,O=TAIWAN-CA,C=TW > Serial number: 95559031384477517871019103745820225456 > > The only policy OID set is: 1.3.6.1.4.1.40869.1.1.25 ['www.twca.com.tw'] > > How should I qualify this certificate? Or is this a misissuance? A > clarification would be great on how to determine this. > > The OID is also not part of this quite complete list of policy OIDs > https://github.com/zmap/constants > > Your guidance would be appreciated. > > > Kind regards, > Oscar Koeroo > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/f79c9a95-b07a-4f04-8a23-e228cd8f43ean%40mozilla.org > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/f79c9a95-b07a-4f04-8a23-e228cd8f43ean%40mozilla.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZ_izKoqWjxEQ6k22eDw5e14PL-0Zmoz5oJn%2BgwsFBFTg%40mail.gmail.com.
