Re: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content types)

2020-06-18 Thread Rob Stradling via dev-security-policy
y via dev-security-policy Sent: 17 June 2020 23:13 To: r...@sleevi.com Cc: Mozilla Subject: Re: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content types) CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the se

Re: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content types)

2020-06-17 Thread Jeremy Rowley via dev-security-policy
Doh - how did I miss that?! Thanks Ryan From: Ryan Sleevi Sent: Wednesday, June 17, 2020 4:11:46 PM To: Jeremy Rowley Cc: Mozilla Subject: Re: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content types) It's right there under "Trust Filter&q

Re: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content types)

2020-06-17 Thread Ryan Sleevi via dev-security-policy
y > Sent: Wednesday, June 17, 2020 5:07 AM > To: dev-security-policy > Subject: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content > types) > > Inspired by last month's email threads and Bugzilla issues relating to CA > Issuers misconfigurations, I've just fi

RE: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content types)

2020-06-17 Thread Jeremy Rowley via dev-security-policy
Is there a way to filter out the revoked and non-TLS/SMIME ICAs? -Original Message- From: dev-security-policy On Behalf Of Rob Stradling via dev-security-policy Sent: Wednesday, June 17, 2020 5:07 AM To: dev-security-policy Subject: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA

crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content types)

2020-06-17 Thread Rob Stradling via dev-security-policy
Inspired by last month's email threads and Bugzilla issues relating to CA Issuers misconfigurations, I've just finished adding a new feature to crt.sh... https://crt.sh/ca-issuers Sadly, this highlights plenty of misconfigurations and other problems: PEM instead of DER, certs for the wrong CAs,