The CTJ one was issued in 2013 and is a five year cert (which was also prohibited under the BRs at that time_. It should have been revoked much earlier, of course.
-----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert....@lists.mozilla.org] On Behalf Of Jonathan Rudenberg via dev-security-policy Sent: Saturday, August 12, 2017 7:53 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Certificates with reserved IP addresses Baseline Requirements section 7.1.4.2.1 prohibits ipAddress SANs from containing IANA reserved IP addresses and any certificates containing them should have been revoked by 2016-10-01. There are seven unexpired unrevoked certificates that are known to CT and trusted by NSS containing reserved IP addresses. The full list can be found at: https://misissued.com/batch/7/ DigiCert TI Trust Technologies Global CA (5) Cybertrust Japan Public CA G2 (1) PROCERT PSCProcert (1) It’s also worth noting that three of the "TI Trust Technologies” certificates contain dnsNames with internal names, which are prohibited under the same BR section. Jonathan _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy