Mozilla's April 15 deadline for disclosure of email intermediates that are not technically constrained has now passed. I have created the following bugs for the certificates listed at https://crt.sh/mozilla-disclos ures#undisclosed
* Firmaprofesional: https://bugzilla.mozilla.org/show_bug.cgi?id=1455119 * (The "Buypass Class 2 CA 4" has been revoked and will be added to OneCRL) * Certicamara: https://bugzilla.mozilla.org/show_bug.cgi?id=1455128 * SwissSign: https://bugzilla.mozilla.org/show_bug.cgi?id=1455132 * T-Systems: https://bugzilla.mozilla.org/show_bug.cgi?id=1455137 And for incomplete disclosure (no audit information in CCADB), I have created bugs for the certificates listed at https://crt.sh/mozilla-disclos ures#disclosureincomplete * DocuSign: previously reported in https://bugzilla.mozilla.org/s how_bug.cgi?id=1444455. Incident report submitted and remediation plan proposed * Camerfirma: https://bugzilla.mozilla.org/show_bug.cgi?id=1455147 * DigiCert: https://bugzilla.mozilla.org/show_bug.cgi?id=1455150 (DigiCert notified me that they would not be able to meet the deadline, but they are working to resolve these issues) * Telia: https://bugzilla.mozilla.org/show_bug.cgi?id=1451953 was created a few weeks ago. Telia states that they plan to revoke the two undisclosed certificates in April. - Wayne _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy