On 28/10/16 16:11, Patrick Figel wrote: > I found a number of SHA-1 certificates chaining up to CAs trusted by > Mozilla that have not been brought up on this list or on Bugzilla yet. > Apologies in case I missed prior discussion for any of these, and kudos > to censys for making this search incredibly easy.
Thank you for reporting these. Bugs filed: https://bugzilla.mozilla.org/show_bug.cgi?id=1313872 (DigiCert) https://bugzilla.mozilla.org/show_bug.cgi?id=1313873 (DocuSign) https://bugzilla.mozilla.org/show_bug.cgi?id=1313874 (Gov of Spain) Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy