Hi Wayne, On Fri, 3 May 2024 04:29:15 -0700 (PDT) Wayne <rdaurn...@gmail.com> wrote:
> They don't list valid/expired/revoked domains for all of their > sub-CAs CAs are only required to provide one set of test websites per root, not for every sub-CA. > and even the ones they do are running on the same wildcard > covering: > > DNS:timestamp.globaltrust.eu > DNS:*.globaltrust.eu > DNS:*.globaltrust.at > DNS:*.globaltrust.info > DNS:*.a-cert.at > DNS:*.e-monitoring.at > > See: https://crt.sh/?id=9532011580 Where are you seeing this disclosed as a test website certificate? The disclosures that I see in the CCADB for GLOBALTRUST's Mozilla-trusted root are: https://testok-2020-server-qualified-ev-1.e-monitoring.at/ https://testold-2020-server-qualified-ev-1.e-monitoring.at/ https://testrevoked-2020-server-qualified-ev-1.e-monitoring.at/ Those all look correct to me. Regards, Andrew -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-policy+unsubscr...@mozilla.org. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20240503085955.16fa3b1e538f7162143e98df%40andrewayer.name.