On Friday, June 16, 2017 at 1:05:37 AM UTC-4, Tavis Ormandy wrote: > Hello, I was crawling the pkcs7 blobs in public pdf files and found some > intermediate certificates that don't appear in crt.sh. > > I forwarded them to Rob, I don't know if this is useful to anyone else, but > they're available here. > > https://lock.cmpxchg8b.com/intermediates.zip > > Tavis. > > (I have a larger collection if anyone wants them, but many have unknown > critical extensions, or are name or usage constrained, etc)
I'm trying to understand this posting. I think the CAs have an obligation to disclose all Intermediate certificates to the CCADB. I don't think that the CAs have an obligation to disclose through CT. Am I right? I did review the zip above and found 3 Entrust/AffirmTrust certificates. These were all disclosed in the CCADB. Thanks, Bruce. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy