On Wed, 16 Aug 2017 19:56:45 -0700 Andrew Ayer via dev-security-policy <[email protected]> wrote:
> Every certificate known to CT issued by PROCERT with a notBefore > date after September 30, 2016 has what appears to be a non-random > serial number: https://crt.sh/?Identity=%25&iCAID=750 These are now being tracked on misissued.com: https://misissued.com/batch/12/ > In addition, their OCSP responder is returning a status of "Good" for > adjacent serial numbers, suggesting sequential assignment of serial > numbers. Actually, their OCSP responder is returning good for unissued certificates, which is itself a BR violation. I've attached a sample OCSP response to the bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1391058 Regards, Andrew _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
