Kathleen, I believe at least part of the problem Andrew mentions is because of Salesforce or some intermediary processing within CCADB tooling.
I had pinged Andrew offline and he mentioned what he was seeing from our JSON was no "" around the URL, we have confirmed what we publish does have these URLs so it appears something is stripping the quotes. Ryan Hurst Google Trust Services On Monday, September 26, 2022 at 10:21:52 AM UTC-7 Andrew Ayer wrote: > Thanks Kathleen for adding the field to the report. > > I'm trying to process this field, and so far the only well-formed JSON > I've found is the empty array (i.e. "[]"). Numerous CAs have failed to > put double quotes around the URLs, e.g.: > > [http://example.com/crl1, http://example.com/crl2] > > Another mistake is just making it a comma-separated list, without any > JSON syntax, e.g.: > > http://example.com/crl1, http://example.com/crl2 > > CAs should make sure that they put well-formed JSON in this field, e.g.: > > ["http://example.com/crl1";, "http://example.com/crl2";] > > Also, if there is some way to have Salesforce enforce that well-formed > JSON is provided, that would sure be helpful. > > Regards, > Andrew > > On Fri, 23 Sep 2022 09:54:24 +0000 > "'Rob Stradling' via [email protected]" > <[email protected]> wrote: > > > Hi all. Kathleen dealt with my request off-list. The "JSON Array of > > Partitioned CRLs" field has now been appended to > > > https://ccadb-public.secure.force.com/ccadb/AllCertificateRecordsCSVFormat > . > > > > ________________________________ > > From: 'Rob Stradling' via [email protected] > > <[email protected]> Sent: 21 September 2022 16:52 > > To: [email protected] <[email protected]> > > Subject: Add another field to AllCertificateRecordsCSVFormat > > > > > > CAUTION: This email originated from outside of the organization. Do > > not click links or open attachments unless you recognize the sender > > and know the content is safe. > > > > > > Kathleen, Ben, > > > > I would like to enhance > > https://crt.sh/mozilla-disclosures< > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2Fmozilla-disclosures&data=05%7C01%7Crob%40sectigo.com%7C844a95351942442323f708da9be93b2b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637993723270265361%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yCQJSenYyJ3o2U%2FCae1vQ1GPo6EqKJHq0Mn%2F8wd4eDQ%3D&reserved=0 > > > > to monitor compliance to Mozilla's new CRL URL disclosure requirement > > that comes into force in about a week and a half from now > > ( > https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#41-additional-requirements > < > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mozilla.org%2Fen-US%2Fabout%2Fgovernance%2Fpolicies%2Fsecurity-group%2Fcerts%2Fpolicy%2F%2341-additional-requirements&data=05%7C01%7Crob%40sectigo.com%7C844a95351942442323f708da9be93b2b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637993723270265361%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=mIi0cZUf9sp4Myr8c%2BUKw8c7nLEv1HiUHpNzl3Q7ycw%3D&reserved=0 > >). > > crt.sh already has access to the "Full CRL Issued By This CA" field, > > but cannot yet access the "JSON Array of Partitioned CRLs" field. > > > > Please could I ask you to append the "JSON Array of Partitioned CRLs" > > field to > > > https://ccadb-public.secure.force.com/ccadb/AllCertificateRecordsCSVFormat > < > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fccadb-public.secure.force.com%2Fccadb%2FAllCertificateRecordsCSVFormat&data=05%7C01%7Crob%40sectigo.com%7C844a95351942442323f708da9be93b2b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637993723270265361%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5l0bsEYP1qTo%2FQJi5WEpT5ftEh%2BzQFf1uAPnA1rBMUw%3D&reserved=0 > >? > > > > > > -- > > Rob Stradling > > Senior Research & Development Scientist > > Sectigo Limited > > > > > > -- > > You received this message because you are subscribed to the Google > > Groups "[email protected]" group. To unsubscribe from > > this group and stop receiving emails from it, send an email to > > [email protected]<mailto:[email protected]>. > > To view this discussion on the web visit > > > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB47293DF31FB62C442C97503FAA4F9%40MW4PR17MB4729.namprd17.prod.outlook.com > < > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fmozilla.org%2Fd%2Fmsgid%2Fdev-security-policy%2FMW4PR17MB47293DF31FB62C442C97503FAA4F9%2540MW4PR17MB4729.namprd17.prod.outlook.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Crob%40sectigo.com%7C844a95351942442323f708da9be93b2b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637993723270265361%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=NBh1BGZD920%2F6EJDKFM5sCf4aOM4Kt5SzJfz2BINwjw%3D&reserved=0 > >. > > > > -- > > You received this message because you are subscribed to the Google > > Groups "[email protected]" group. To unsubscribe from > > this group and stop receiving emails from it, send an email to > > [email protected]. To view this discussion > > on the web visit > > > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB4729A09C3DCF46B5BD3592DDAA519%40MW4PR17MB4729.namprd17.prod.outlook.com > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/01c57e2b-af87-4f5b-a315-4939d45ea114n%40mozilla.org.
