Bonjour, Le mardi 10 mai 2016 10:10:49 UTC+2, Kurt Roeckx a écrit : > On 2016-05-10 02:07, Kathleen Wilson wrote: > > Thanks to all of you who have reviewed and commented on this request from > > DocuSign to include the following root certificates, turn on the Websites > > and Email trust bits for all of them, and enable EV treatment for all of > > them. > > + Certplus Root CA G1 - (SHA512, RSA4096) > > + Certplus Root CA G2 - (SHA384, ECC) > > + OpenTrust Root CA G1 - (SHA256, RSA4096) > > + OpenTrust Root CA G2 - (SHA512, RSA4096) > > + OpenTrust Root CA G3 - (SHA384, ECC) > > I'm only finding 1 certificate during the last week, and it has a > problem with the encoding: > https://crt.sh/?id=18733629&opt=x509lint > > It's using a PrintableString with "Hautes-Pyrénées" in it, which is > clearly wrong. A PrintableString has a very limited amount of valid > characters. All their strings are PrintableStrings. They should > probably switch most of those to UTF8String.
It's clearly wrong, yes, and we're checking and changing legacy configuration files to UTF8String (except specific attributes such as countryName or domainComponent). This will be done before 30/06/2016. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
