On Fri, May 22, 2020 at 10:38:34AM +0200, Hanno Böck via dev-security-policy wrote: > Just reported this to Chunghwa Telecom Co., Ltd.: > > ---------- > > I'm contacting you about a problem with the certificate for > *.hinet.net, as it can be found here [1]. > > The Authority Information Access / CA Issuers field points to: > http://repository.publicca.hinet.net/certs/IssuedToThisCA.p7b > > According to RFC 5280 this must be a DER-encoded certificate. See also > recent discussion on the Mozilla policy list [2]. > However this does not look like a different certificate encoding (PKCS > #7 binary). > > Please make sure you serve a correct, DER-encoded intermediate via the > AIA field.
It does say: or a collection of certificates in a BER or DER encoded "certs-only" CMS message as specified in [RFC2797]. And it's currently not clear to me if that PKCS #7 file is such a file or not. Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy