I also was going to point out that these are probably [at least] three
different concepts:
1. There are untrusted / revoked / distrusted root and/or intermediate
CERTIFICATES.
2. There are KEYS which have been COMPROMISED
(known/published/demonstrated public -> private key mapping) which are

On Tue, Jan 09, 2024 at 11:16:59AM -0500, 'Jan Schaumann' via
dev-security-policy@mozilla.org wrote:
> Either way, it would be useful to have a community
> shared list of known compromised keys or otherwise
> revoked roots or intermediates. Does that already
> exist?
For known-compromised keys,

Hello Jan,
This OneCRL list might be what you are looking for -
https://crt.sh/mozilla-onecrl.
Ben

On Tue, Jan 9, 2024 at 9:17 AM 'Jan Schaumann' via
dev-security-policy@mozilla.org wrote:
> Hello,
>
> Is there a community-shared blocklist of known bad
> certs (keys)?
>
> Chrome has

Hello,
Is there a community-shared blocklist of known bad
certs (keys)?
Chrome has
https://chromium.googlesource.com/chromium/src/+/master/net/data/ssl/blocklist/README.md
Apple / Safari has
https://support.apple.com/en-us/103255
I don't recall if Firefox has a list?
Either way, it would be