On Mon, 24 Oct 2022 at 07:07, 'Lahtiharju, Pekka' via [email protected] <[email protected]> wrote:
> Hi Hanno, > > This is not publicly trusted TLS certificate but only Telia's test > certificate. Issuer is our test issuer "Telia PreProd Server CA v3" (not > publicly trusted). > > Telia was testing new Badkeys/Lint implementation and we wanted to do also > one test without Badkeys/Lint with vulnerable key to see if anything else > would prevent such key. According to our information CT log "Dodo" that was > used is non-production CT log and could be used for such tests with > non-trusted TLS certificates (Mammoth and Sabre are Sectigo's production CT > logs). I hope this kind of testing is OK? Or should we keep such test > certificates internal only without any CT publishing? > The certificate aside, having the problem suggests you were running a very ancient version of Debian - is that wise, even in test environments? > > Best Regards > > Pekka Lahtiharju > Senior Development Manager | Trust Services > Telia Finland > +358407061299 <+358%2040%207061299> > [email protected] > www.telia.fi > Telia Finland Oyj, Helsinki 1475607-9 > > > > -----Original Message----- > From: [email protected] <[email protected]> > On Behalf Of Hanno Böck > Sent: sunnuntai 23. lokakuuta 2022 16.15 > To: [email protected] > Subject: Certificate with Debian OpenSSL bug issued > > Hi, > > A few days ago a certificate with a key vulnerable to the 2008 Debian > OpenSSL bug was issued by Telia: > https://crt.sh/?id=7799145606 > > It's a 4096 bit RSA key generated with a vulnerable debian version on > 64 bit. > > -- > Hanno Böck > https://hboeck.de/ > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20221023151433.7002479b%40computer > . > > This email may contain information which is privileged or protected > against unauthorized disclosure or communication. If you are not the > intended recipient, please notify the sender and delete this message and > any attachments from your system without producing, distributing or > retaining copies thereof or disclosing its contents to any other person. > > Telia Company processes emails and other files that may contain personal > data in accordance with Telia Company’s Privacy Policy< > https://www.teliacompany.com/en/about-the-company/privacy/>. > > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/AS1PR07MB8688F4317AE188F9EFCE44C1E12E9%40AS1PR07MB8688.eurprd07.prod.outlook.com > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CABrd9STvd%3DX83FDiQbpYNo2iHWgpq90tCr5twFh-uGqiKmNs1Q%40mail.gmail.com.
