On 07/19/2017 06:03 PM, Tom wrote:
Following that discovery, I've search for odd (invalid?) DNS names.
Here is the list of certificated I've found, it may overlap some
discovery already reported.
If I'm correct, theses certificate are not revoked, not expired, and
probably trusted by Mozilla (crt.sh issuer are marked trusted by
Mozilla, but not all).
[snip]
Some additional problematic certs:
chains to Swisscom:
https://crt.sh/?id=175444569 wxadm.swissucc.local
chains to CATCert, notBefore in 2017:
https://crt.sh/?id=98706307 maritim4.mmaritim.local
chains to PROCERT, notBefore in 2017:
https://crt.sh/?id=175466182 fospuca.local
chains to Baltimore Cybertrust Root (DigiCert):
https://crt.sh/?id=12344381 lorweb.local
chains to Baltimore Cybertrust Root (DigiCert), notBefore in 2017:
https://crt.sh/?id=175469208 skbfep01.justica.local
https://crt.sh/?id=175469209 energy.ctd and pt
chains to QuoVadis, notBefore in 2017:
https://crt.sh/?id=175466199 devsrv.pe.siemens.info-com (swapped -/.)
chains to DocuSign, notBefore in 2017:
https://crt.sh/?id=99149574 "www.immonotaireargus.com " (trailing space)
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy