Hi Hanno,

This is not a publicly trusted TLS certificate but only Telia's test certificate. The issuer is our test issuer "Telia PreProd Server CA v3" (not publicly trusted).

Telia was testing a new Badkeys/Lint implementation and we also wanted to do one test without Badkeys/Lint with a vulnerable key to see if anything else would prevent such a key. According to our information, the CT log "Dodo" that was used is a non-production CT log and could be used for such tests with non-trusted TLS certificates (Mammoth and Sabre are Sectigo's production CT logs).

I hope this kind of testing is OK? Or should we keep such test certificates internal only without any CT publishing?

Best Regards
Pekka Lahtiharju
Senior Development Manager | Trust Services
Telia Finland
+358407061299
[email protected]
www.telia.fi
Telia Finland Oyj, Helsinki 1475607-9

-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of Hanno Böck
Sent: Sunday, 23 October 2022 16:15
To: [email protected]
Subject: Certificate with Debian OpenSSL bug issued

Hi,

A few days ago a certificate with a key vulnerable to the 2008 Debian OpenSSL bug was issued by Telia:
https://crt.sh/?id=7799145606

It's a 4096 bit RSA key generated with a vulnerable Debian version on 64 bit.

--
Hanno Böck
https://hboeck.de/

--
You received this message because you are subscribed to the Google Groups "[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20221023151433.7002479b%40computer.
