On 20/06/16 21:15, Ben Wilson wrote:
When I try to upload some of these listed as "Unconstrained id-kp-serverAuth
Trust" undisclosed, I get a warning that says, "This certificate is
considered to be technically-constrained as per Mozilla policy, so it does
not need to be added to the CA Community in Salesforce. All data that you
enter into Salesforce will be publicly available, so please make sure you do
not enter sensitive information that should not be published. ... I
understand, proceed anyways."
Ben, would you mind telling me which certs you tried to upload?
I'd like to understand why there's a discrepancy.
I also noticed that some on the list are not publicly trusted because the
root is not in the trust store or is not signed by a root that is in the
trust store.
Which ones?
Thanks.
Ben
-----Original Message-----
From: dev-security-policy
[mailto:dev-security-policy-bounces+ben=digicert....@lists.mozilla.org] On
Behalf Of Peter Bowen
Sent: Monday, June 20, 2016 11:59 AM
To: Rob Stradling <rob.stradl...@comodo.com>
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Intermediate certificate disclosure deadline in 2 weeks
On Fri, Jun 17, 2016 at 4:12 AM, Rob Stradling <rob.stradl...@comodo.com>
wrote:
Friendly reminder to all CA representatives:
Don't forget the June 30th deadline! And don't leave it until the
last minute if you have lots of intermediate certificates to disclose!
https://crt.sh/mozilla-disclosures
...lists (under "Unconstrained id-kp-serverAuth Trust: Disclosure is
required!") the (many!) qualifying intermediate certificates that are
known to CT and that have not yet been disclosed to Salesforce.
I found one bug in this list -- it is including self-signed certificates,
which are not subject to disclosure, as they clearly don't chain back to a
root in the Mozilla trust store.
Thanks,
Peter
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
sender by replying to the e-mail containing this attachment. Replies to
this email may be monitored by COMODO for operational or business
reasons. Whilst every endeavour is taken to ensure that e-mails are free
from viruses, no liability can be accepted and the recipient is
requested to use their own virus checking software.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
