On Fri, Jun 16, 2017 at 2:00 AM, Rob Stradling <rob.stradl...@comodo.com> wrote:
> On 16/06/17 06:05, Tavis Ormandy via dev-security-policy wrote: > >> Hello, I was crawling the pkcs7 blobs in public pdf files and found some >> intermediate certificates that don't appear in crt.sh. >> >> I forwarded them to Rob, I don't know if this is useful to anyone else, >> but >> they're available here. >> >> https://lock.cmpxchg8b.com/intermediates.zip >> >> Tavis. >> > > Thanks Tavis. I've just submitted all of these intermediates to some CT > logs. > > This list just grew considerably... > https://crt.sh/mozilla-disclosures#undisclosed > > (I have a larger collection if anyone wants them, but many have unknown >> critical extensions, or are name or usage constrained, etc) >> > > Yes please. :-) > > Is there an easy way to check which certificates from my set you're missing? (I'm not a PKI guy, I was collecting unusual extension OIDs for fuzzing). I collected these from public sources, so can just give you my whole set if you already have tools for importing them and don't mind processing them, I have around ~8M (mostly leaf) certificates, the set with isCa will be much smaller. Tavis. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy