Thank you, Charles and Tom, for bringing this to the forefront. We have contacted the cross-signed partner and asked for an explanation. We've also demanded revocation within 24 hours and a full scan to determine whether any other certificates exist.
Jeremy -----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla .org] On Behalf Of Charles Reiss via dev-security-policy Sent: Wednesday, July 19, 2017 7:02 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Certificate with invalid dnsName On 07/19/2017 06:03 PM, Tom wrote: > Following that discovery, I've search for odd (invalid?) DNS names. > Here is the list of certificated I've found, it may overlap some > discovery already reported. > If I'm correct, theses certificate are not revoked, not expired, and > probably trusted by Mozilla (crt.sh issuer are marked trusted by > Mozilla, but not all). > [snip] Some additional problematic certs: chains to Swisscom: https://crt.sh/?id=175444569 wxadm.swissucc.local chains to CATCert, notBefore in 2017: https://crt.sh/?id=98706307 maritim4.mmaritim.local chains to PROCERT, notBefore in 2017: https://crt.sh/?id=175466182 fospuca.local chains to Baltimore Cybertrust Root (DigiCert): https://crt.sh/?id=12344381 lorweb.local chains to Baltimore Cybertrust Root (DigiCert), notBefore in 2017: https://crt.sh/?id=175469208 skbfep01.justica.local https://crt.sh/?id=175469209 energy.ctd and pt chains to QuoVadis, notBefore in 2017: https://crt.sh/?id=175466199 devsrv.pe.siemens.info-com (swapped -/.) chains to DocuSign, notBefore in 2017: https://crt.sh/?id=99149574 "www.immonotaireargus.com " (trailing space) _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy