[cabfpub] [cabfquest] Fwd: SHA1 certs issued this year chaining to included roots
sleevi at google.com
Tue Jan 19 19:40:11 UTC 2016
Reposting to the public list on Reed's request.
This discussion can be viewed at
On Mon, Jan 18, 2016 at 6:15 PM, Reed Loden <reed at reedloden.com> wrote:
> Seems like this should go to public@ as well, considering the recent
> submission by Symantec about their 2016 SHA-1 certs?
> ---------- Forwarded message ----------
> From: Charles Reiss <woggling at gmail.com>
> Date: Mon, Jan 18, 2016 at 8:49 PM
> Subject: SHA1 certs issued this year chaining to included roots
> To: mozilla-dev-security-policy at lists.mozilla.org
> Via censys.io, I found a couple SHA-1 certs with notBefore dates from
> this year
> which chain to root CAs in Mozilla's program:
> - https://crt.sh/?id=12089828 -- chains to Baltimore CyberTrust Root
> via subCA "Eurida Primary CA" via subCA "DnB NOR ASA PKI Class G"
> Also, the OCSP responder for this certificate appears to not include a
> nextUpdate field.
> - https://crt.sh/?id=12090324 -- chains to Security Communication RootCA1
> [SECOM] via subCA "YourNet SSL for business"
> Also, this certificate is also missing OCSP information and appears to be
> served without OCSP stapling support.
> dev-security-policy mailing list
> dev-security-policy at lists.mozilla.org
> Questions mailing list
> Questions at cabforum.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public