Re: Digicert issued certificate with let's encrypts public key

2020-05-16 Thread Peter Gutmann via dev-security-policy
Kurt Roeckx via dev-security-policy writes: >Browsing crt.sh, I found this: https://crt.sh/?id=1902422627 > >It's a certificate for api.pillowz.kz with the public key of Let's Encrypt >Authority X1 and X3 CAs. How could that have been issued? Since a (PKCS #10) request has to be self- signed,

Digicert issued certificate with let's encrypts public key

2020-05-16 Thread Kurt Roeckx via dev-security-policy
Hi, Browsing crt.sh, I found this: https://crt.sh/?id=1902422627 It's a certificate for api.pillowz.kz with the public key of Let's Encrypt Authority X1 and X3 CAs. It's revoked since 2020-01-31, but I couldn't find any incident report related to it. Kurt

Re: Digicert issued certificate with let's encrypts public key

2020-05-16 Thread Kurt Roeckx via dev-security-policy
On Sat, May 16, 2020 at 10:04:24AM -0400, Andrew Ayer via dev-security-policy wrote: > On Sat, 16 May 2020 14:02:42 +0200 > Kurt Roeckx via dev-security-policy > wrote: > > > https://crt.sh/?id=1902422627 > > > > It's a certificate for api.pillowz.kz with the public key of Let's > > Encrypt

Re: Digicert issued certificate with let's encrypts public key

2020-05-16 Thread Andrew Ayer via dev-security-policy
On Sat, 16 May 2020 14:02:42 +0200 Kurt Roeckx via dev-security-policy wrote: > https://crt.sh/?id=1902422627 > > It's a certificate for api.pillowz.kz with the public key of Let's > Encrypt Authority X1 and X3 CAs. > > It's revoked since 2020-01-31, but I couldn't find any incident > report

Re: Digicert issued certificate with let's encrypts public key

2020-05-16 Thread Ryan Sleevi via dev-security-policy
On Sat, May 16, 2020 at 10:11 AM Kurt Roeckx via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Sat, May 16, 2020 at 10:04:24AM -0400, Andrew Ayer via > dev-security-policy wrote: > > On Sat, 16 May 2020 14:02:42 +0200 > > Kurt Roeckx via dev-security-policy > > wrote: