Attached is an audit from 2016. They are due for another one for 2017.
-Original Message-
From: Gervase Markham [mailto:g...@mozilla.org]
Sent: Tuesday, August 15, 2017 6:55 AM
To: Ben Wilson ;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Certificate with invalid dnsName iss
Am Dienstag, 15. August 2017 16:21:03 UTC+2 schrieb Gervase Markham:
> On 14/08/17 16:44, Arno Fiedler wrote:
> > fulfilled. On 20-07-17 Mozilla asked D-TRUST for clarification, due
> > to the holiday period this message reached us on 07-08-17, AF
> > answered on 08-08-17
>
> I was going to compla
On 15/08/17 13:29, Gervase Markham via dev-security-policy wrote:
Hi Rob,
On 26/07/17 11:21, Rob Stradling wrote:
https://docs.google.com/spreadsheets/d/1IACTYMDXcdz4DoMKxkHfePfb5mv2XN68BcB7p6acTqg/edit?usp=sharing
Thanks for this. Any chance of saving me a bit of time by
cross-referencing ea
What's wrong with the two Well's Fargo certs? I don't see any invalid
characters in them.
On Wednesday, August 16, 2017 at 9:22:01 AM UTC-6, Rob Stradling wrote:
> On 15/08/17 13:29, Gervase Markham via dev-security-policy wrote:
> > Hi Rob,
> >
> > On 26/07/17 11:21, Rob Stradling wrote:
> >> h
> On Aug 16, 2017, at 11:37, Amus via dev-security-policy
> wrote:
>
> What's wrong with the two Well's Fargo certs? I don't see any invalid
> characters in them.
https://crt.sh/?opt=cablint&id=19558707
https://crt.sh/?opt=cablint&id=11382596
Both have trailing spaces in one of the dnsNames:
On Tuesday, August 15, 2017 at 4:42:06 PM UTC-4, Eric Mill wrote:
> On Tue, Aug 15, 2017 at 2:47 PM, identrust--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > We have been moderately successful in replacing the five (5)
> > certificates. One (1) has been volunta
> On Aug 15, 2017, at 14:53, identrust--- via dev-security-policy
> wrote:
>
> On Friday, August 11, 2017 at 6:05:29 PM UTC-4, paul.l...@gmail.com wrote:
>> On Friday, August 11, 2017 at 3:43:17 PM UTC-5, iden...@gmail.com wrote:
>>> IdenTrust is fully aware of the situation and has consulted w
I will proceed with filing these bugs now.
Kathleen
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
> On Aug 16, 2017, at 12:52, Jonathan Rudenberg via dev-security-policy
> wrote:
>
> I looked through the CT logs and found 15 more unexpired unrevoked
> certificates that are trusted by NSS and appear to have the same inaccurate
> organizationName of “U.S. Government” for a non-USG entity.
>
> On Aug 16, 2017, at 13:44, Jonathan Rudenberg via dev-security-policy
> wrote:
>
> After looking into this more, I’ve found that the majority of certificates
> issued by the "IdenTrust ACES CA 2” and "IdenTrust ACES CA 1” intermediates
> are not BR-compliant.
If anyone is interested in loo
On Wednesday, August 16, 2017 at 11:22:01 AM UTC-4, Rob Stradling wrote:
> BTW, I've just asked Alex to look at adding the "CA Owner" field to the
> misissued.com reports. :-)
>
It does this now :-)
Cheers,
Alex
___
dev-security-policy mailing list
d
Bugs filed...
== Actalis ==
https://bugzilla.mozilla.org/show_bug.cgi?id=1390974
== Camerfirma ==
https://bugzilla.mozilla.org/show_bug.cgi?id=1390977
== Certinomis ==
https://bugzilla.mozilla.org/show_bug.cgi?id=1390978
== certSIGN ==
https://bugzilla.mozilla.org/show_bug.cgi?id=1390979
== Co
Every certificate known to CT issued by PROCERT with a notBefore
date after September 30, 2016 has what appears to be a non-random
serial number: https://crt.sh/?Identity=%25&iCAID=750
1e:4d:94:48:00:00:00:00:0c:79
2f:84:26:06:00:00:00:00:0b:1b
3d:94:73:d1:00:00:00:00:0a:ab
4b:53:8c:18:00:00:00:00
Hi Jonathan,
Thanks for reminding! I've sent mail to POC of AC Camerfirma and these two
intermediate certs has been disclosed in CCADB now.
Aaron Wu
Mozilla Corporation
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https:/
On Wed, 16 Aug 2017 19:56:45 -0700
Andrew Ayer via dev-security-policy
wrote:
> Every certificate known to CT issued by PROCERT with a notBefore
> date after September 30, 2016 has what appears to be a non-random
> serial number: https://crt.sh/?Identity=%25&iCAID=750
These are now being tracked
15 matches
Mail list logo