----- Original Message ----- > From: "Kathleen Wilson" <kwil...@mozilla.com> > To: mozilla-dev-security-pol...@lists.mozilla.org > Sent: Tuesday, September 2, 2014 10:43:56 PM > Subject: Re: Removal of 1024 bit roots - Thawte and GTE CyberTrust > > On 9/2/14, 10:53 AM, Hubert Kario wrote: > > Removing the Thawte 1024 bit roots[1] causes following changes: > > > > Untrusted: +33 sites. > > Incomplete chain: +153, -2 sites. > > Complete chain: -184 sites. > > > > Sites that become untrusted: > > aclens.com@199.242.144.30 > > brillenplatz.de@83.141.56.30 > > copagloja.com.br@54.225.100.66 > > cqccms.com.cn@124.207.135.23 > > datatilsynet.no@80.232.122.99 > > drewag.de@77.75.249.212 > > easy-forex.com@64.14.56.6 > > fachverlag-computerwissen.de@78.111.65.215 > > foreverwedstore.com@208.77.51.191 > > gold-super-markt.de@94.186.152.196 > > gold-to-go.com@94.186.152.196 > > golf.de@194.97.154.131 > > gumball3000.com@134.0.19.106 > > jokerit.com@89.250.52.17 > > loytec.com@88.198.4.4 > > madeindesign.de@194.213.124.118 > > meventi.com@78.47.246.235 > > motor-talk.de@94.198.62.121 > > nct.ie@193.120.166.32 > > ncts.ie@193.120.166.32 > > now.cn@119.146.222.146 > > pctonline.com@66.181.99.28 > > recyclingtoday.com@66.181.99.26 > > santander.be@212.78.166.49 > > showoffimports.nl@91.216.34.51 > > slotastic.com@54.204.19.24 > > tcd.ie@134.226.14.90 > > todaynic.com@119.146.222.146 > > whitireia.ac.nz@202.2.11.59 > > www.cqccms.com.cn@125.35.1.213 > > www.now.cn@119.146.222.153 > > www.todaynic.com@119.146.222.153 > > www.uri.edu@131.128.1.19 > > > > > Looks like those SSL certs are 5 year certs that were issued in 2010, so > those site administrators will be needing to update their certs within > the next year. > > The change is currently targeted for Firefox 35 (early January). That > gives Thawte/Symantec time to contact these customers, and get their > certs updated.
OK, I'll definitely will do another scan before that time. > > Removal of the GTE root has bigger impact: > > > > complete -86 > > incomplete +17, -8 > > untrusted +77 > > > > since the list is so large I won't be quoting it here. > > Would you please attach the list to the bug? done -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Email: hka...@redhat.com Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
