Thanks all! On Mon, Apr 22, 2024 at 7:05 AM 'David Adrian' via [email protected] <[email protected]> wrote:
> Census validation is in general very loose in terms of what in chains it > will accept. It uses the verifier in ZCrypto (same as ZLint), and mostly > only checks names and signatures. > > On Sun, Apr 21, 2024, 8:48 PM Matt Palmer <[email protected]> wrote: > >> On Sun, Apr 21, 2024 at 03:11:13PM -0700, 'Amir Omidi (aaomidi)' via >> [email protected] wrote: >> > I came across an interesting certificate today: >> > https://crt.sh/?id=2385087905 >> > >> > According to Censys, this certificate is publicly trusted on of the >> major >> > root programs. >> > >> > This certificate has a very long lifetime, and just seems to be *weird* >> in >> > a lot of ways. Are these types of certificates okay to issue from a >> > publicly trusted roots/intermediates? >> >> It *may* fall under the "this isn't a server certificate" exception, and >> given that it was seemingly issued in 2017 (although it may have been >> issued >> in 2020 and backdated, based on the SCT), many of the current rules >> around what >> constitutes "valid for server authentication" may not apply in any case. >> >> > It does seem that the issuer has been revoked on Mozilla per crt: >> > https://crt.sh/?caid=74630 >> >> Well, in that case, there's not much that Mozilla could do anyway. >> >> - Matt >> >> -- >> You received this message because you are subscribed to the Google Groups >> "[email protected]" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/231e6ab3-f260-4056-b5e8-0be3e8fd0572%40mtasv.net >> . >> > -- > You received this message because you are subscribed to a topic in the > Google Groups "[email protected]" group. > To unsubscribe from this topic, visit > https://groups.google.com/a/mozilla.org/d/topic/dev-security-policy/2GC5YxfkoyU/unsubscribe > . > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAGkh42KN%3DzGdbZF8rT-6fB9Mo3LjnSVdu4NVNv3Pi4pUhcXJmA%40mail.gmail.com > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAGkh42KN%3DzGdbZF8rT-6fB9Mo3LjnSVdu4NVNv3Pi4pUhcXJmA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAOG%3DJUKQK%3DXbsVpk_6WyTMthS9k4rWKPh5ajPeN%3DCBDFGDvjqA%40mail.gmail.com.
