We can revoke them all by then. The question is do the browsers really want us to?
Since we started a public discussion, here's the details: There are several prominent websites that use certs with underscore characters in connection with major operations. I was hoping to get permission to post the names of these companies before I started a public discussion, but se le vie - the discussion already started. These companies are currently in their blackout period which ends around mid-Jan. We're scheduled to revoke on Jan 14th per the BR change. However, we've heard back from several of them that they won't complete the migration by then. This will take down several of the Fortune 500's websites for a change in the BRs that no one can understand. What we're wondering is how the browsers feel about revocation vs. shutting down the sites. Public discussion is welcome while I still try to get the names. Unfortunately, most companies of that size require a legal review of the communication before we can post their name... -----Original Message----- From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On Behalf Of Ryan Sleevi via dev-security-policy Sent: Thursday, November 29, 2018 12:19 PM To: Wayne Thayer <wtha...@mozilla.com> Cc: mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org> Subject: Re: DigiCert Assured ID Root CA and Global Root CA EV Request This deadline is roughly five weeks before all underscore certificates must be revoked (per Ballot SC12). Given the number of underscore certificates under various DigiCert operated hierarchies, would you think it appropriate to consider whether or not SC12 (and, prior to that, the existing BR requirements in force when those certificates were issued) was followed by that date? More concretely: If DigiCert were to fail to revoke certificates by that deadline, would it be a reason to consider denying EV status to these roots / removing (if a decision is made to grant) it? I realize the goal is to close discussion a month prior to that date, but I suspect such guidance about the risk of failing to abide by SC12, and failing to revoke by January 15, would be incredibly valuable to DigiCert and their customers. On Thu, Nov 29, 2018 at 1:39 PM Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Reminder: the 3-week discussion period for this request to EV-enable > two DigiCert roots ends next Friday 7-December. > > - Wayne > > On Fri, Nov 16, 2018 at 5:00 PM Wayne Thayer <wtha...@mozilla.com> wrote: > > > This request is to enable EV treatment for the DigiCert Assured ID > > Root > CA > > and DigiCert Global Root CA as documented in the following bug: > > https://clicktime.symantec.com/a/1/adm9pTelz2Ycom-02ypNzTJ8tHbaHBnhr > > 4KpinQCwlc=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60 > > I9shljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZ > > wj0sxrbkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_Yzn > > whbxUEM3Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWou > > Oh1_O4h9kg5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInY > > iEi2JE0QsZhnVjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53 > > MtwMtvuAgtBBYQhASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIe > > JAcE67idnv&u=https%3A%2F%2Fbugzilla.mozilla.org%2Fshow_bug.cgi%3Fid% > > 3D1165472 > > > > * BR Self Assessment is here: > > https://clicktime.symantec.com/a/1/yUphkRZlY4hiWQzfLqXz_e6_F7P6T9IN6 > > gvhgZ8YgRI=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60 > > I9shljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZ > > wj0sxrbkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_Yzn > > whbxUEM3Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWou > > Oh1_O4h9kg5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInY > > iEi2JE0QsZhnVjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53 > > MtwMtvuAgtBBYQhASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIe > > JAcE67idnv&u=https%3A%2F%2Fbug1165472.bmoattachments.org%2Fattachmen > > t.cgi%3Fid%3D8960346 > > > > * Summary of Information Gathered and Verified: > > https://clicktime.symantec.com/a/1/25vbrlC4oNIH-rmRpBBOoNpXg9-MyHD3b > > Arsg3rBYtU=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60 > > I9shljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZ > > wj0sxrbkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_Yzn > > whbxUEM3Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWou > > Oh1_O4h9kg5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInY > > iEi2JE0QsZhnVjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53 > > MtwMtvuAgtBBYQhASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIe > > JAcE67idnv&u=https%3A%2F%2Fbug1165472.bmoattachments.org%2Fattachmen > > t.cgi%3Fid%3D8987141 > > > > * Root Certificate Download URLs: > > ** Global: https://www.digicert.com/CACerts/DigiCertGlobalRootCA.crt > > ** Assured: > > https://www.digicert.com/CACerts/DigiCertAssuredIDRootCA.crt > > > > * CP/CPS: > > ** CP: > > https://www.digicert.com/wp-content/uploads/2018/08/DigiCert_CP_v416 > > .pdf > > ** CPS: > > > https://www.digicert.com/wp-content/uploads/2018/08/DigiCert_CPS_v416. > pdf > > > > * These roots are already included with Websites and Email trust > > bits. EV treatment is requested. > > ** EV Policy OID: 2.23.140.1.1 > > ** Original inclusion request: > > https://clicktime.symantec.com/a/1/WoyWUFbnpkb4mbYZEFqYVeHOLyYBa9QA_ > > E7BVELpayo=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60 > > I9shljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZ > > wj0sxrbkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_Yzn > > whbxUEM3Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWou > > Oh1_O4h9kg5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInY > > iEi2JE0QsZhnVjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53 > > MtwMtvuAgtBBYQhASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIe > > JAcE67idnv&u=https%3A%2F%2Fbugzilla.mozilla.org%2Fshow_bug.cgi%3Fid% > > 3D364568 > > > > * Test Websites: > > ** Global: > > *** Valid: https://global-root-ca.chain-demos.digicert.com/ > > ***Expired: https://global-root-ca-expired.chain-demos.digicert.com/ > > *** Revoked: > > https://global-root-ca-revoked.chain-demos.digicert.com/ > > ** Assured: > > *** Valid: https://assured-id-root-ca.chain-demos.digicert.com/ > > ***Expired: > > https://assured-id-root-ca-expired.chain-demos.digicert.com/ > > *** Revoked: > https://assured-id-root-ca-revoked.chain-demos.digicert.com/ > > > > * CRL URLs: > > ** Global: http://crl3.digicert.com/DigiCertGlobalRootCA.crl and > > http://crl4.digicert.com/DigiCertGlobalRootCA.crl > > ** Assured: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl and > > http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl > > > > * OCSP URL: http://ocsp.digicert.com/ > > > > * Audit: Annual audits are performed by Scott S Perry, CPA according > > to the WebTrust for CA, BR, and EV audit criteria. > > ** WebTrust: > > https://clicktime.symantec.com/a/1/xUfp8YkRY4bmisyJbV3vrcdh6t1ivVaSu > > pfWf4rjru8=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60 > > I9shljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZ > > wj0sxrbkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_Yzn > > whbxUEM3Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWou > > Oh1_O4h9kg5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInY > > iEi2JE0QsZhnVjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53 > > MtwMtvuAgtBBYQhASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIe > > JAcE67idnv&u=https%3A%2F%2Fcert.webtrust.org%2FViewSeal%3Fid%3D2452 > > ** BR: > > https://clicktime.symantec.com/a/1/XxCChbVOI6x4T0xXj3mYGLskxSLg7PEes > > qb-ZCodC-w=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60 > > I9shljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZ > > wj0sxrbkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_Yzn > > whbxUEM3Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWou > > Oh1_O4h9kg5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInY > > iEi2JE0QsZhnVjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53 > > MtwMtvuAgtBBYQhASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIe > > JAcE67idnv&u=https%3A%2F%2Fwww.cpacanada.ca%2Fwebtrustseal%3Fsealid% > > 3D2453 > > ** EV: > > https://clicktime.symantec.com/a/1/UGW5q2yxuSpQkiZdmASM_exdyNuTMq7sB > > KM5AESInbg=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60 > > I9shljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZ > > wj0sxrbkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_Yzn > > whbxUEM3Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWou > > Oh1_O4h9kg5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInY > > iEi2JE0QsZhnVjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53 > > MtwMtvuAgtBBYQhASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIe > > JAcE67idnv&u=https%3A%2F%2Fwww.cpacanada.ca%2Fwebtrustseal%3Fsealid% > > 3D2454 > > > > Additionally, DigiCert is undergoing quarterly audits (due to the > Symantec > > acquisition) that include the DigiCert Global Root CA and has been > posting > > the reports [1]. > > > > > > I’ve reviewed the CPS, BR Self Assessment, and related information > > for > the > > DigiCert Assured ID Root CA and DigiCert Global Root CA request that > > is being tracked in this bug and have the following comments: > > > > ==Good== > > * Other than my two comments below, the CP and CPS are in good shape > > and they are well written and regularly updated. > > > > ==Meh== > > * These are old roots, created in 2006, however, DigiCert has > > provided a continuous chain of audits back to their creation [1] > > * CPS section 3.2.2 permitted DigiCert to use vulnerable BR domain > > validation methods 3.2.2.4.9 and 3.2.2.4.10. They are described as > > deprecated in the latest version. > > * DigiCert has had quite a number of compliance bugs over the past > > 18 months [2]. All but one is resolved (that one is awaiting the > > subordinate CA to move to a managed PKI), DigiCert is generally > > responsive, and they have self-reported a number of these issues. > > > > ==Bad== > > * DigiCert’s most recent quarterly audit report states “During our > > examination, we noted DigiCert publicly reported ( > > https://clicktime.symantec.com/a/1/O9JYNG1ODgoz45BvP1rtuQ1QxiPhhm7y9 > > a3dEe7U0fg=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60 > > I9shljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZ > > wj0sxrbkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_Yzn > > whbxUEM3Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWou > > Oh1_O4h9kg5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInY > > iEi2JE0QsZhnVjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53 > > MtwMtvuAgtBBYQhASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIe > > JAcE67idnv&u=https%3A%2F%2Fbugzilla.mozilla.org%2Fshow_bug.cgi%3Fid% > > 3D1483715) that it continued to rely on a deprecated method of > > domain validation when renewing certificates after the stated > > transition date of August 1, 2018. As a result, DigiCert had to > > revalidate all affected 1233 certificates over > 154 > > domains.“ At least one of the certificates the required revalidation > chains > > to the DigiCert Global Root CA. > > * The TERENA SSL CA 3 subordinate has misissued a number of > > certificates [3], most of which are not revoked. DigiCert’s response > > in this bug > states > > “We were under the impression from previous communications with > > Mozilla that certain types of errors identified did not require > > certificate revocation. It would help if Mozilla could indicate > > which certificate errors are believed to require revocation. We will > > then review the lists > to > > see which certificates need to be revoked.” I do not believe that > > Mozilla should create such a list, and we have set a precedent for > > requiring revocation for at least some of the errors that are identified - > > e.g. > > metadata in subject fields [4]. > > * In addition, DigiCert previously reported that they had addressed > > the problem of metadata in subject fields for certificates issued by > > the > Terena > > subordinate [5]. > > * Linters identify a large number of misissued certificates under > > the DigiCert SHA2 Secure Server CA intermediate [6]. Many of these > > are false positives (e.g. ZLint expects CN and SAN fields to be > > lowercased), but > some > > are not and of those many are not revoked - e.g. [7]. > > * CPS section 3.2.2 did not, in my opinion, adequately specify the > > procedures employed to perform email address verification as > > required by Mozilla policy section 2.2(2). The latest update addressed this. > > > > This begins the 3-week comment period for this request [8]. > > > > I will greatly appreciate your thoughtful and constructive feedback > > on > the > > decision to grant EV treatment to these root certificates. > > > > - Wayne > > > > [1] > > https://clicktime.symantec.com/a/1/JsoAuHhi-PH3oxLp8eOn2RnOWn1RegTIf > > 8D4HkGnT3k=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60 > > I9shljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZ > > wj0sxrbkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_Yzn > > whbxUEM3Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWou > > Oh1_O4h9kg5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInY > > iEi2JE0QsZhnVjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53 > > MtwMtvuAgtBBYQhASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIe > > JAcE67idnv&u=https%3A%2F%2Fbugzilla.mozilla.org%2Fshow_bug.cgi%3Fid% > > 3D1458024 > > [2] > > > https://clicktime.symantec.com/a/1/d9qobeACNddYcwU0y3KulpBh5BAI5g357_X > 3bLQziI8=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60I9sh > ljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZwj0sxr > bkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_YznwhbxUEM3 > Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWouOh1_O4h9kg > 5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInYiEi2JE0QsZhn > Vjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53MtwMtvuAgtBBYQ > hASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIeJAcE67idnv&u=htt > ps%3A%2F%2Fbugzilla.mozilla.org%2Fbuglist.cgi%3Ff1%3Dcreation_ts%26lis > t_id%3D14436306%26short_desc%3Ddigicert%26o1%3Dgreaterthan%26resolutio > n%3D---%26resolution%3DFIXED%26resolution%3DINVALID%26resolution%3DWON > TFIX%26resolution%3DINACTIVE%26resolution%3DDUPLICATE%26resolution%3DW > ORKSFORME%26resolution%3DINCOMPLETE%26resolution%3DSUPPORT%26resolutio > n%3DEXPIRED%26resolution%3DMOVED%26query_format%3Dadvanced%26short_des > c_type%3Dallwordssubstr%26v1%3D2017-09-01%26component%3DCA%2520Certifi > cate%2520Compliance > > [3] > > > https://clicktime.symantec.com/a/1/cv29LZ0aMprGOGP3_i9pJvIKtU03dtxW01C > lStku4ME=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60I9sh > ljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZwj0sxr > bkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_YznwhbxUEM3 > Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWouOh1_O4h9kg > 5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInYiEi2JE0QsZhn > Vjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53MtwMtvuAgtBBYQ > hASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIeJAcE67idnv&u=htt > ps%3A%2F%2Fcrt.sh%2F%3Fcaid%3D1687%26opt%3Dcablint%2Czlint%2Cx509lint% > 26minNotBefore%3D2017-01-01 > > [4] > > https://clicktime.symantec.com/a/1/xc0YnRyh-a3ErupOK8QqNRBNxXuPDjBX9 > > Aqp368RZ0E=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60 > > I9shljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZ > > wj0sxrbkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_Yzn > > whbxUEM3Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWou > > Oh1_O4h9kg5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInY > > iEi2JE0QsZhnVjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53 > > MtwMtvuAgtBBYQhASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIe > > JAcE67idnv&u=https%3A%2F%2Fcrt.sh%2F%3Fid%3D629259396%26opt%3Dcablin > > t [5] > > https://clicktime.symantec.com/a/1/SV_QEIGx9OD76mw9OSUCq01xxi0dND28F > > gvPNzlkUVg=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60 > > I9shljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZ > > wj0sxrbkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_Yzn > > whbxUEM3Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWou > > Oh1_O4h9kg5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInY > > iEi2JE0QsZhnVjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53 > > MtwMtvuAgtBBYQhASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIe > > JAcE67idnv&u=https%3A%2F%2Fbugzilla.mozilla.org%2Fshow_bug.cgi%3Fid% > > 3D1397958 > > [6] > > > https://clicktime.symantec.com/a/1/a5MBE9vDL2Lz9YnepFJgbhktPwQwb5rd833 > IHUVRsKI=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60I9sh > ljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZwj0sxr > bkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_YznwhbxUEM3 > Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWouOh1_O4h9kg > 5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInYiEi2JE0QsZhn > Vjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53MtwMtvuAgtBBYQ > hASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIeJAcE67idnv&u=htt > ps%3A%2F%2Fcrt.sh%2F%3Fcaid%3D1191%26opt%3Dcablint%2Czlint%2Cx509lint% > 26minNotBefore%3D2017-01-01 > > [7] > > https://clicktime.symantec.com/a/1/NvH3EThd5lzzDF41sCi-VlkV7i-tAOz7q > > B9EZCo9Hig=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60 > > I9shljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZ > > wj0sxrbkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_Yzn > > whbxUEM3Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWou > > Oh1_O4h9kg5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInY > > iEi2JE0QsZhnVjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53 > > MtwMtvuAgtBBYQhASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIe > > JAcE67idnv&u=https%3A%2F%2Fcrt.sh%2F%3Fid%3D286404787%26opt%3Dzlint > > [8] > > https://clicktime.symantec.com/a/1/6dqQTS86zKEnATv1ByYBYXBQbs1t1FLW6 > > L7OQulY_5c=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60 > > I9shljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZ > > wj0sxrbkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_Yzn > > whbxUEM3Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWou > > Oh1_O4h9kg5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInY > > iEi2JE0QsZhnVjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53 > > MtwMtvuAgtBBYQhASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIe > > JAcE67idnv&u=https%3A%2F%2Fwiki.mozilla.org%2FCA%2FApplication_Proce > > ss > > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://clicktime.symantec.com/a/1/45-p_OLIEymkbRnqdgO-Lanwpk8_elXpRzC > EC3gwZaU=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60I9sh > ljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZwj0sxr > bkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_YznwhbxUEM3 > Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWouOh1_O4h9kg > 5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInYiEi2JE0QsZhn > Vjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53MtwMtvuAgtBBYQ > hASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIeJAcE67idnv&u=htt > ps%3A%2F%2Flists.mozilla.org%2Flistinfo%2Fdev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://clicktime.symantec.com/a/1/45-p_OLIEymkbRnqdgO-Lanwpk8_elXpRzCEC3gwZaU=?d=zggbfQ2UquIn-SV-ucU3iLEdxhFMiq9MN3zVHKS1lUo4wrDAUuqZ60I9shljs32UPhv8ZKpenr8hGgACWBJQrC9TNT4MdeUNlx4r0FqYnMxjtk9I9D49tOkWtZwj0sxrbkFcuZl85ZMSfeIlCdKJ96uNLEdf69FG7V89Toz5h22AkEfM_tEXPrs3ti_YznwhbxUEM3Sl81xgMn2mpjaK7cCHEKPqRh8Dn_R4vcnJy6zt5RgUOFuv1qN6pb42VMrWouOh1_O4h9kg5tdN2MXZWioTc_3R_vMMU9o2nZiqPiouWRNjh4TEGzFOR8SlK0FjgcpInYiEi2JE0QsZhnVjv7YlCCPUTD2FS8gGmmV2uvocQ50Z2diXYy3hVHEUMrM60G6enQ8T53MtwMtvuAgtBBYQhASQcVfUJLruxU2rEDumYU2H0S1WsiMlCf8oIda7Z3kTsfw77J6kIeJAcE67idnv&u=https%3A%2F%2Flists.mozilla.org%2Flistinfo%2Fdev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
