Re: Misissued/Suspicious Symantec Certificates

Jakob Bohm Thu, 26 Jan 2017 23:19:48 -0800

(continuing top post for consistency)

For the certificates that are noted as "revoked on the day of
issuance", it would (both in this and the general case), be more
informative to state the revocation delay in a smaller unit of measure,
such as hours (or even smaller if less than an hour).


It is of cause noted, that most of the relevant timestamps are (or were
at the time) recorded with a precision of 1s in published PKI objects,
although parties outside the CA not have an easy way to obtain reliable
copies of the revocation responses that the CA would have issued, and
thus the timestamps of revocation becoming known to revocation-checking
relying parties (which is different from the time that the revocation
may have been also communicated to independent logging systems).

On 27/01/2017 06:36, Ryan Sleevi wrote:

The PDF that was stripped is available at
https://bug1334377.bmoattachments.org/attachment.cgi?id=8831038

On Thu, Jan 26, 2017 at 5:30 PM, Steve Medin <steve_me...@symantec.com>
wrote:

Here is an attached PDF update regarding this certificate problem report.

Kind regards,
Steven Medin
PKI Policy Manager, Symantec Corporation

-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-
bounces+steve_medin=symantec....@lists.mozilla.org] On Behalf Of Steve
Medin
Sent: Saturday, January 21, 2017 9:35 AM
To: Andrew Ayer <a...@andrewayer.name>; mozilla-dev-security-
pol...@lists.mozilla.org
Subject: RE: Misissued/Suspicious Symantec Certificates

The listed Symantec certificates were issued by one of our WebTrust

audited

partners. We have reduced this partner's privileges to restrict further
issuance while we review this matter. We revoked all reported

certificates

which were still valid that had not previously been revoked within the 24
hour CA/B Forum guideline - these certificates each had "O=test". Our
investigation is continuing.


_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Re: Misissued/Suspicious Symantec Certificates

Reply via email to