[cabfpub] Certificate Incident

Ryan Sleevi sleevi at google.com
Wed Jul 13 20:41:22 MST 2016


For those wanting to perform risk analysis, precertificates were logged at:

https://crt.sh/?id=24445566
- 7d:62:b4:8f:f5:62:f2:f3:56:83:75:40:1a:37:34:db
https://crt.sh/?id=24445529
- 51:41:55:dd:2d:9c:52:27:4e:3a:fe:c4:48:de:b9:36
https://crt.sh/?id=24445614
- 6f:34:f0:d2:ea:b4:e5:35:18:10:64:bd:f1:b8:74:5b
https://crt.sh/?id=24445598
- 1a:d5:d4:56:88:e1:c0:e4:e4:69:0e:1b:4c:a6:e5:11
https://crt.sh/?id=24445656
- 05:8c:84:5f:66:f9:f8:af:a6:c8:02:11:ed:e5:da:45
https://crt.sh/?id=24445643
- 54:dd:b2:78:57:b1:c9:78:cf:7f:7e:1f:1c:69:9b:86
https://crt.sh/?id=24445695
- 03:d1:8f:29:0f:23:bf:da:08:c5:fc:22:3b:2e:ea:c5
https://crt.sh/?id=24445682
- 27:62:da:fa:af:89:39:44:4d:5a:45:fa:d0:e3:f6:95


On Wed, Jul 13, 2016 at 8:00 PM, Dean Coclin <Dean_Coclin at symantec.com>
wrote:

> To CABF Public:
>
>
>
> On Tuesday, July 12, Symantec erroneously produced and issued 8 SHA-1
> certificates in support of one customer’s application to submit SHA-1 TBS
> Certificates to the CA/B Forum for a SHA-1 exception.
>
> Symantec has revoked the certificates. An internal process review is
> underway.
>
>
>
> All signed by VeriSign Class 3 International Server CA - G3, the serial
> numbers of the certificates are as follows:
>
> 7d:62:b4:8f:f5:62:f2:f3:56:83:75:40:1a:37:34:db
>
> 51:41:55:dd:2d:9c:52:27:4e:3a:fe:c4:48:de:b9:36
>
> 6f:34:f0:d2:ea:b4:e5:35:18:10:64:bd:f1:b8:74:5b
>
> 1a:d5:d4:56:88:e1:c0:e4:e4:69:0e:1b:4c:a6:e5:11
>
> 05:8c:84:5f:66:f9:f8:af:a6:c8:02:11:ed:e5:da:45
>
> 54:dd:b2:78:57:b1:c9:78:cf:7f:7e:1f:1c:69:9b:86
>
> 03:d1:8f:29:0f:23:bf:da:08:c5:fc:22:3b:2e:ea:c5
>
> 27:62:da:fa:af:89:39:44:4d:5a:45:fa:d0:e3:f6:95
>
>
>
>
>
> Dean Coclin
>
> Symantec
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20160713/8e005343/attachment.html 


More information about the Public mailing list