Apparently they haven’t yet, but we’ll assume that they will. Does the community expect a remediation plan for their code and then a revocation-and-replacement plan?
Ben Wilson, JD, CISA, CISSP
VP Compliance
+1 801 701 9678

From: Alex Gaynor [mailto:[email protected]]
Sent: Friday, August 11, 2017 8:31 AM
To: Ben Wilson <[email protected]>
Cc: Jeremy Rowley <[email protected]>; Jonathan Rudenberg <[email protected]>; [email protected]
Subject: Re: Certificates with less than 64 bits of entropy

Have they fixed whatever issue there is with their PKI infrastructure that leads to this issue? From skimming, I see this pool contains certs issued as recently as one month ago.

Alex

On Fri, Aug 11, 2017 at 10:26 AM, Ben Wilson via dev-security-policy <[email protected]> wrote:

With regard to Siemens, given the large number of certificates and the disruption that massive revocations will have on their infrastructure, what does this community expect them to do?

-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-bounces+ben [email protected]] On Behalf Of Jeremy Rowley via dev-security-policy
Sent: Thursday, August 10, 2017 12:01 PM
To: Jonathan Rudenberg <[email protected]>; [email protected]
Subject: RE: Certificates with less than 64 bits of entropy

Hi Jonathan,

InfoCert's sub CA was revoked on August 1, 2017. We'll reach out to Siemens. They moved to Quovadis a while ago and are no longer issuing from that Sub CA.

Jeremy

-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley [email protected]] On Behalf Of Jonathan Rudenberg via dev-security-policy
Sent: Thursday, August 10, 2017 9:26 AM
To: [email protected]
Subject: Re: Certificates with less than 64 bits of entropy

> On Aug 10, 2017, at 11:20, Jonathan Rudenberg via dev-security-policy <[email protected]> wrote:
>
> QuoVadis (560)
>   Siemens Issuing CA Internet Server 2016 (560)
>
> D-TRUST (224)
>   D-TRUST SSL Class 3 CA 1 2009 (178)
>   D-TRUST SSL Class 3 CA 1 EV 2009 (45)
>   D-TRUST Root Class 3 CA 2 EV 2009 (1)
>
> DigiCert (85)
>   Siemens Issuing CA Class Internet Server 2013 (82)
>   InfoCert Web Certification Authority (3)
>
> Izenpe S.A. (62)
>   EAEko Herri Administrazioen CA - CA AAPP Vascas (2) (62)
>
> Government of The Netherlands, PKIoverheid (Logius) (55)
>   Digidentity Services CA - G2 (55)
>
> Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) (38)
>   Cihaz Sertifikası Hizmet Sağlayıcı - Sürüm 4 (38)

It looks like my summary missed one QuoVadis intermediate:

Bayerische SSL-CA-2016-01 (3)

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

