I've asked the Government of Korea to comment on this news article in their
inclusion request (https://bugzilla.mozilla.org/show_bug.cgi?id=1377389).
- Wayne
On Wed, Apr 11, 2018 at 7:26 AM, jumping2gether--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> According to
Your inquiry was posted with unsubstantiated information. crt.sh logged that a
certificate including www.testssl.com was issued by a CA certificate (CN:
CA134100031) on 2017-02-17, but already revoked.
Deloitte Anjin didn't issue a WTCA-SSL report on the CA certificate after
2017-01-01.
According to the official briefing by the Government of Korea on April 9 2018,
The government CA discovered suspicious misissuance on April 5. They revoked
the certificate on April 6 and began investigating all valid SSL certificates.
src (in Korean):
Your information is incorrect.
According to crt.sh, Ministry of Education CA(CA134100031)issued a mis-issued
certificate to www.testssl.com on 2017-04-03 but already revoked.
Deloitte Anjin didn't issue a WTCA-SSL report to the CA certificate after
2017-01-01.
The Korea GPKI MOI CA certificates are in the inclusion process. As I noted
in the bug, I've added information on the reported misissuance and OCSP
errors to the inclusion request and I've noted the concerns raised about
the auditor in their CCADB record.
- Wayne
On Thu, Apr 5, 2018 at 10:03 AM,
Deloitte Anjin did the WebTrust audit for South Korea GPKI(Government Public
Key Infrastructure).
they audited two organization "Ministry of the Interior" and "Ministry of the
Education"
buy they did not follow CA/B Forum BR..
they issued certificate without domain validaion. ex)
6 matches
Mail list logo