At https://crt.sh/mozilla-disclosures#disclosedbutincrl there are
currently 9 certificates, 1 from Startcom, 1 from Swisscomm and 7 from
Symantec.
In the April 2017 CA communication, they all confirmed: "The current
policy of our CA is that all revoked non-technically-constrained
intermediate certificates chaining up to our root certificates included
in Mozilla's CA Certificate Program will be marked as Revoked in the
Common CA Database within one week of revocation."
The StartCom certificate is revoked on 2017-04-10, the SwissCom on
2017-04-26, and Symantec has two from 2016-10-26, and the others from
2017-05-05.
So all of them except those from 2017-05-05 should have been marked in
the Common CA Database as revoked but haven't been marked as such.
Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy