On 22/06/17 10:51, Rob Stradling via dev-security-policy wrote:
> On 19/06/17 20:41, Tavis Ormandy via dev-security-policy wrote:
> > <snip>
> > Is this useful? If not, what key usage is interesting?
> > https://lock.cmpxchg8b.com/ServerOrAny.zip
>
> Thanks for this, Tavis. I pointed my certscraper
> (https://github.com/robstradling/certscraper) at this URL a couple of
> days ago. This submitted many of the certs to the Dodo and Rocketeer logs.
> However, it didn't manage to build chains for all of them. I haven't
> yet had a chance to investigate why.

There are ~130 CA certificates in
https://lock.cmpxchg8b.com/ServerOrAny.zip that I've not yet been able
to submit to any CT logs.
Reasons:
- Some are only trusted by the old Adobe CDS program.
- Some are only trusted for Microsoft Kernel Mode Code Signing.
- Some are very old roots that are no longer trusted.
- Some are corrupted.
- Some seem to be from private PKIs.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy