Hi Rob,
Nice report, as usual! I noticed that some CAs that we might want to exclude in a future update of this report: * A number of Roots were listed. Since this is for ICAs, should we exclude those? * https://crt.sh/?sha256=f27bf02c6e00c73d915eeb6a6a2f5fbf0c31ae0393149e6b5c31e41b113841c3 <https://crt.sh/?sha256=f27bf02c6e00c73d915eeb6a6a2f5fbf0c31ae0393149e6b5c31e41b113841c3&opt=mozilladisclosure> &opt=mozilladisclosure * The report includes expired ICAs, should we exclude those? * https://crt.sh/?sha256=8b8e1f09af86ab016ea5af3bc8da09b7f25461cd46691bd675667b26b9258472 <https://crt.sh/?sha256=8b8e1f09af86ab016ea5af3bc8da09b7f25461cd46691bd675667b26b9258472&opt=mozilladisclosure> &opt=mozilladisclosure * The report includes revoked ICAs, should we exclude those? * https://crt.sh/?sha256=4675a0e26d832ab881da9aeac5e1ba1a90a9a445c9145c5a99b25f29be95ecd0 <https://crt.sh/?sha256=4675a0e26d832ab881da9aeac5e1ba1a90a9a445c9145c5a99b25f29be95ecd0&opt=mozilladisclosure> &opt=mozilladisclosure Thanks! From: 'Rob Stradling' via [email protected] <[email protected]> Sent: Friday, September 23, 2022 11:29 AM To: [email protected] Subject: Tracking CRL Disclosure Compliance To help CAs and any other interested parties track compliance with MRSP Version 2.8's CRL disclosure requirement (https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#41-additional-requirements) before the October 1st deadline, I've updated https://crt.sh/mozilla-disclosures to flag in-scope Intermediate Certificates for which both the "Full CRL Issued By This CA" and "JSON Array of Partitioned CRLs" fields are empty in the corresponding CCADB records. <https://crt.sh/mozilla-disclosures#disclosureincomplete> https://crt.sh/mozilla-disclosures#disclosureincomplete shows each affected Intermediate Certificate, with the message '"Full CRL Issued By This CA" or "JSON Array of Partitioned CRLs" is required'. https://crt.sh/mozilla-disclosures#disclosureincompletesummary shows a summary of the same information, grouped by Root Owner. -- Rob Stradling Senior Research & Development Scientist Sectigo Limited -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB472956903A43D2975E52D7DEAA519%40MW4PR17MB4729.namprd17.prod.outlook.com <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB472956903A43D2975E52D7DEAA519%40MW4PR17MB4729.namprd17.prod.outlook.com?utm_medium=email&utm_source=footer> . -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/SEZPR03MB659371E8F28FEE53BB2F8EA2F0519%40SEZPR03MB6593.apcprd03.prod.outlook.com.
smime.p7s
Description: S/MIME cryptographic signature
