Bonsoir, Le mercredi 17 février 2016 02:11:58 UTC+1, Charles Reiss a écrit : > On 02/09/16 20:07, Kathleen Wilson wrote: > > This request by DocuSign (OpenTrust/Keynectis/Certplus) is to include > > the following root certificates, turn on the Websites and Email trust > > bits for all of them, and enable EV treatment for all of them. These new > > certs will eventually replace the 'Certplus Class 2' root certificate > > These certificates chain to the 'Certplus Class 2' root and contain a > trailing space in one of their dNSName SANs: > > notBefore in 2016: > https://crt.sh/?id=12994171&opt=cablint > notBefore in 2015: > https://crt.sh/?id=10643272&opt=cablint > https://crt.sh/?id=9651778&opt=cablint
Thank you for the information, we will investigate the events chains that came to the production of these certificates. On first analysis, it seems it's a human error during a copy/paste operation, and a clarification of the procedures is necessary. The self-audit tool we use for our quarterly self-audits will also be extended to detect that kind of defect. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy