El miércoles, 2 de enero de 2019, 12:49:52 (UTC+1), Rob Stradling escribió: > On 09/10/2018 23:53, Wayne Thayer wrote: > > On Tue, Oct 9, 2018 at 3:43 AM Rob Stradling wrote:<snip> > > Wayne, Kathleen: > > Given the number of times that all the CAs in Mozilla's Root Program > > have been reminded about Mozilla's requirements for disclosing > > intermediate certs, I wouldn't blame you if you decided to add these 20 > > intermediate certs [5] to OneCRL immediately! > > > > I think we should give this serious consideration, although it doesn't > > help with the majority of these that are trusted for email. > > Hi Wayne. Did you give this serious consideration? > > An Izenpe intermediate cert [1] has been known to crt.sh (see [2]) for > well over a month, but hasn't yet been disclosed to the CCADB. > > > [1] https://crt.sh/?id=966433897 > > [2] https://crt.sh/mozilla-disclosures > > -- > Rob Stradling > Senior Research & Development Scientist > Sectigo Limited
We're reviewing what happened with this subCA, because it's reported to the CCADB (like all other subCAs). At the moment we've seen that there are two different entries in the crt.sh with the same serial number, but different fingerprints: https://crt.sh/?id=1477430 -> disclosed https://crt.sh/?id=966433897 -> not disclosed This CA is not new, so there wouldn’t be any problem. But we continue analyzing what happened. Thanks for the information. Regards _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
