Re: Hongkong Post recently issued SHA1 cert that could be used in TLS

2016-08-16 Thread Ryan Sleevi
On Tuesday, August 16, 2016 at 11:53:24 AM UTC-7, Kathleen Wilson wrote:
> Our understanding: "The real problem here is that the issuing certificate is using sha-1 with predictable serial numbers. ... If a chosen-prefix attack on sha-1 were discovered... an attacker could use this CA to

Summary of August 2016 Audit Reminder Emails

2016-08-16 Thread Kathleen Wilson
All, As you know, the CA Community in Salesforce (aka Common CA Database) automatically sends audit reminder emails to CAs in Mozilla’s root store with overdue audit statements on the 3rd Tuesday of each month. As requested, here is a summary of the audit-reminder emails that were sent

Hongkong Post recently issued SHA1 cert that could be used in TLS

2016-08-16 Thread Kathleen Wilson
All, It has come to our attention that Hongkong Post has recently issued a SHA1 cert that can be used in TLS/SSL. https://bugzilla.mozilla.org/show_bug.cgi?id=1267332#c3 The certificate was signed by the "Hongkong Post e-Cert CA 1 - 10" intermediate certificate. From the CA: "This

Re: Intermediate certificate disclosure deadline was 2 weeks ago!! (was Re: Salesforce offline Tuesday, June 28, for data import)

2016-08-16 Thread Nick Lamb
Hello again Rob, "ISRG Root X1" is listed as "Unconstrained id-kp-serverAuth Trust: Disclosure is required!" I believe this root is now (or shortly will be) trusted directly by NSS, and so isn't an intermediate and shouldn't appear on the list. Before it was added to NSS, it simply wasn't