Re: T-Systems invalid SANs

2019-03-04 Thread Pedro Fuentes via dev-security-policy
Hello Ryan, thanks for your reply. El lunes, 4 de marzo de 2019, 18:20:20 (UTC+1), Ryan Sleevi escribió: > > Just to make sure: This isn't really a question about CT at all, is it? > It's a question about CAs performing testing in production that leads to > misissuances. > Mostly is the

Re: T-Systems invalid SANs

2019-03-04 Thread Ryan Sleevi via dev-security-policy
On Mon, Mar 4, 2019 at 11:46 AM Pedro Fuentes via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > El lunes, 4 de marzo de 2019, 12:37:43 (UTC+1), arnold...@t-systems.com > escribió: > > The incident report can be found here, >

Re: T-Systems invalid SANs

2019-03-04 Thread Pedro Fuentes via dev-security-policy
El lunes, 4 de marzo de 2019, 12:37:43 (UTC+1), arnold...@t-systems.com escribió: > The incident report can be found here, > https://bugzilla.mozilla.org/show_bug.cgi?id=1530718 Hello, related to this... Is there a policy about test certificates and CT logs? Sometimes it's required to do

Re: T-Systems invalid SANs

2019-03-04 Thread Arnold Essing via dev-security-policy
The incident report can be found here, https://bugzilla.mozilla.org/show_bug.cgi?id=1530718 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy

Re: T-Systems invalid SANs

2019-02-27 Thread Jakob Bohm via dev-security-policy
On 27/02/2019 09:54, michel.lebihan2...@gmail.com wrote: I also found that certificates that were issued very recently have duplicate SANs: https://crt.sh/?id=1231853308=cablint,x509lint,zlint https://crt.sh/?id=1226557113=cablint,x509lint,zlint

Re: T-Systems invalid SANs

2019-02-27 Thread michel.lebihan2000--- via dev-security-policy
I also found that certificates that were issued very recently have duplicate SANs: https://crt.sh/?id=1231853308=cablint,x509lint,zlint https://crt.sh/?id=1226557113=cablint,x509lint,zlint https://crt.sh/?id=1225737388=cablint,x509lint,zlint ___

Re: T-Systems invalid SANs

2019-02-26 Thread Wayne Thayer via dev-security-policy
Thank you. I have created a bug and requested a response from T-Systems: https://bugzilla.mozilla.org/show_bug.cgi?id=1530718 - Wayne On Tue, Feb 26, 2019 at 8:07 AM michel.lebihan2000--- via dev-security-policy wrote: > Hello, > > While looking at CT logs, I noticed multiple certificates

T-Systems invalid SANs

2019-02-26 Thread michel.lebihan2000--- via dev-security-policy
Hello, While looking at CT logs, I noticed multiple certificates issued by T-Systems that have SANs that seem invalid. The first certificate I noticed is https://crt.sh/?id=1044575692=ocsp,cablint,zlint The DNS name has a leading /. That certificate was revoked, but I didn't see any report