Mozilla's April 15 deadline for disclosure of email intermediates that are
not technically constrained has now passed. I have created the following
bugs for the certificates listed at https://crt.sh/mozilla-disclos
ures#undisclosed

* Firmaprofesional: https://bugzilla.mozilla.org/show_bug.cgi?id=1455119
* (The "Buypass Class 2 CA 4" has been revoked and will be added to OneCRL)
* Certicamara: https://bugzilla.mozilla.org/show_bug.cgi?id=1455128
* SwissSign: https://bugzilla.mozilla.org/show_bug.cgi?id=1455132
* T-Systems: https://bugzilla.mozilla.org/show_bug.cgi?id=1455137

And for incomplete disclosure (no audit information in CCADB), I have
created bugs for the certificates listed at https://crt.sh/mozilla-disclos
ures#disclosureincomplete

* DocuSign: previously reported in https://bugzilla.mozilla.org/s
how_bug.cgi?id=1444455. Incident report submitted and remediation plan
proposed
* Camerfirma: https://bugzilla.mozilla.org/show_bug.cgi?id=1455147
* DigiCert: https://bugzilla.mozilla.org/show_bug.cgi?id=1455150 (DigiCert
notified me that they would not be able to meet the deadline, but they are
working to resolve these issues)
* Telia: https://bugzilla.mozilla.org/show_bug.cgi?id=1451953 was created a
few weeks ago. Telia states that they plan to revoke the two undisclosed
certificates in April.

- Wayne
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to