On Wednesday, 18 October 2017 at 11:15:03 UTC+2, Rob Stradling wrote:
> I've completed a full scan of the crt.sh DB, which found 171 certs with
> ROCA fingerprints.
>
> The list is at https://misissued.com/batch/28/
>
> Many of these are Qualified/EUTL certs rather than anything to do with
> the WebPKI. Only about half of them chain to roots that are trusted by NSS.

Of all the Trust Anchors present in the German TSL and ROCA-fingerprinted (I've counted 79 certificates), 8 still have a "granted" status; the others have a "withdrawn" status. Among the "granted" ones, 4 are 2048-bit keys and 4 are 3072-bit keys.

All the D-Trust affected services were withdrawn on 25 September 2017. 22 of the other withdrawn services were switched on 4 August 2017.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy