Indeed, in the beginning we had many certificates issued erroneously and we started to monitor these certificates to eliminate such errors. We believe that they are errors that any CA can have and that makes the process of revoking and replacing certificates, as with any other CA, that is already in the root program of Mozilla or any other root program. Daily we receive emails from bugzilla where we can see many certificates issued by major competitors CA with errors. We believe that there is no CA that is ready and mature to not make mistakes when starting to operate in these issuing. We have been trying to submit to this program for more than 2 years and we are always attentive and making efforts to do our best within compliance.
Em quinta-feira, 17 de novembro de 2022 às 11:44:42 UTC-3, Andrew Ayer escreveu: > As recently as 2021, this CA was issuing certificates with DNS SANs such > as: > > https://certificados.serpro.gov.br/arssl/ (https://crt.sh/?id=4554741564) > ccd-ct01bsa (https://crt.sh/?id=4541931304) > sgconf.rfoc.srf (srf is not a valid TLD) (https://crt.sh/?id=4415391045) > > There are many more examples of shocking misissuances here: > > https://cachecker-dot-ccadb-231121.appspot.com/summary/194400?max_depth=-1&start=2020-03-12&end=2021-06-02&z_lint=on&cab_lint=on&x509_lint=on > > This is clearly not a mature CA and no root program should include it. > > Regards, > Andrew > -- You received this message because you are subscribed to the Google Groups "public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/6f53949c-c57b-43bc-b8cf-7a4608e6ab53n%40ccadb.org.
