On 12/15/11 17:23, Christoph Klein wrote: > My name is Christoph Klein and I work at A-Trust in Austria. We have > investigated the certificate in question and instantly revoked it after > talking to the owner of the domain.
Great that the cert is revoked. > We performed further testing and found out, that this was the only > certificate issued by our SSL CA with a keylength below 1024. Uhm...that was the last valid one. There were two more 512-bit ones. Following one has been revoked this year (but the site in subject CN is still sending it): -----BEGIN CERTIFICATE----- MIIEhjCCA26gAwIBAgIDBQrsMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYDVQQGEwJB VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRYwFAYDVQQLDA1hLXNpZ24tU1NM LTAzMRYwFAYDVQQDDA1hLXNpZ24tU1NMLTAzMB4XDTA5MDIyMzA5NDMyNloXDTE0 MDIyMzA5NDMyNlowgYsxCzAJBgNVBAYTAkFUMTAwLgYDVQQKDCdXZWluaGFuZGwg JiBQYXJ0bmVyIEVEVi1Db25zdWx0aW5nIEdtYkgxFTATBgNVBAsMDElULUFidGVp bHVuZzEcMBoGA1UEAwwTd3d3LmFjcy1wcmVtaXVtLmNvbTEVMBMGA1UEBRMMNDE1 NTI2MzkxODI2MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOGRI4W/QVZHwevEVHaI Kh4rr7a1vzVMtN+onFKiwMUDhHqF4G3S8I3ifWX8NFbg5IDZhr8iyauQq/1RvQKl IbUCAwEAAaOCAbswggG3MBMGA1UdIwQMMAqACEA+odNitAPdMHIGCCsGAQUFBwEB BGYwZDAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AuYS10cnVzdC5hdC9vY3NwMDkG CCsGAQUFBzAChi1odHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLXNz bC0wMy5jcnQwSwYDVR0gBEQwQjBABgYqKAARARQwNjA0BggrBgEFBQcCARYoaHR0 cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3AvYS1zaWduLXNzbDCBjwYDVR0fBIGH MIGEMIGBoH+gfYZ7bGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1hLXNpZ24tU1NM LTAzLG89QS1UcnVzdCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFz ZT9vYmplY3RjbGFzcz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MBEGA1UdDgQK BAhN+DMMcvaCMDAOBgNVHQ8BAf8EBAMCBaAwHwYDVR0RBBgwFoEUb2ZmaWNlQHdl aW5oYW5kbC5jb20wCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAld3eAHOx /pzqlEGKw9s1FhX/bgHoUVo2YYCJVZKMNJ8Pas0LkDmo9HPTHe0Ljx+Zs71FZ7Mp MHPVnInhcycf9Uha6ypbKtgthOhRabPhcGsdbN9LxZXoVJedUqgtaeccWt40AHG1 HAEYZokLK7NinMcg9UXSmWz0/S0W/69j8OojFSyEgxgQvwzu5u2fMrOmi3eRKUiJ 0yczrKC9EjWV5frKb/ntxW9hqUZxUI6OSlC7G9MQ1kVXC/URM7IQk3XmIWd3U92F 7bwkc4JyjO4FsdbMbGP810R6j6/38yYHoIWtXSxJuZtmWM/vjiSQMoJNhAIoGjDT AZ0eOiApJ2XA8A== -----END CERTIFICATE----- The third one expired a year ago without revocation, serial no. 0x1bc41, subject CN: secure.selectstrom.at, issuer: "C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=a-sign-corporate-light-02, CN=a-sign-corporate-light-02" Ondrej _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography