On Fri, Jun 17, 2016 at 4:12 AM, Rob Stradling <rob.stradl...@comodo.com> wrote: > Friendly reminder to all CA representatives: > > Don't forget the June 30th deadline! And don't leave it until the last > minute if you have lots of intermediate certificates to disclose! > > https://crt.sh/mozilla-disclosures > ...lists (under "Unconstrained id-kp-serverAuth Trust: Disclosure is > required!") the (many!) qualifying intermediate certificates that are known > to CT and that have not yet been disclosed to Salesforce.
I found one bug in this list -- it is including self-signed certificates, which are not subject to disclosure, as they clearly don't chain back to a root in the Mozilla trust store. Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
