On 02/09/16 20:07, Kathleen Wilson wrote: > This request by DocuSign (OpenTrust/Keynectis/Certplus) is to include > the following root certificates, turn on the Websites and Email trust > bits for all of them, and enable EV treatment for all of them. These new > certs will eventually replace the ‘Certplus Class 2’ root certificate
These certificates chain to the 'Certplus Class 2' root and contain a trailing space in one of their dNSName SANs: notBefore in 2016: https://crt.sh/?id=12994171&opt=cablint notBefore in 2015: https://crt.sh/?id=10643272&opt=cablint https://crt.sh/?id=9651778&opt=cablint > that was included via Bugzilla Bug #335392. > + Certplus Root CA G1 - (SHA512, RSA4096) > + Certplus Root CA G2 - (SHA384, ECC) > + OpenTrust Root CA G1 - (SHA256, RSA4096) > + OpenTrust Root CA G2 - (SHA512, RSA4096) > + OpenTrust Root CA G3 - (SHA384, ECC) > > Previously the company was known as Keynectis, with the Certplus and > OpenTrust brands, issuing certs to public or private corporations, > associations. > [snip] _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy