Adding some data points for use by future readers of this thread. On 08/01/2019 03:26, Corey Bonnell wrote: > (Posting in a personal capacity as I am no longer employed by Trustwave) > > Mozilla Root Store Policy section 5.1 > (https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/) > prohibits the use of P-521 keys in root certificates included in the Mozilla > trust store, as well as in any certificates chaining to these roots. This > prohibition was made very clear in the discussion on this list in 2017 at > https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/7O34-DmZeC8/fsKobHABAwAJ. >
This is Message-Id <mailman.277.1498571508.14893.dev-security-pol...@lists.mozilla.org> Dated 2017-Jun-27 with Subject "P-521" and starts an approximately 2 week long thread where arguments were made for and against reinstatating P-521. Arguments were weak on both sides, but the "keep banning P-521" side was chosen at the end. As noted by others, the ban was checked into draft policy on 2017-Feb-20 and took effect upon publication on 2017-Feb-28 . There was no explicit transition rule for existing certificates, thus certificates issued before 2017-Feb-28 are presumably exempt until their normal expiry. > Below is a list of unexpired, unrevoked certificates which contain P-521 > public keys (grouped by CA Owner and ordered by notBefore): > > Sectigo > crt.sh URL, notBefore, notAfter, issuer CN > ------------------------------------------ > https://crt.sh/?id=6371802, 2015-01-23, 2020-01-22, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=13764502, 2015-10-17, 2019-01-16, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=308269873, 2016-10-22, 2019-10-09, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=307896586, 2017-01-23, 2019-01-23, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=308306899, 2017-01-27, 2020-01-27, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=308113189, 2017-03-22, 2020-03-06, InCommon ECC Server CA > https://crt.sh/?id=307650153, 2017-03-26, 2020-03-25, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=307656068, 2017-04-20, 2020-07-18, COMODO ECC Organization > Validation Secure Server CA > https://crt.sh/?id=307534525, 2017-05-18, 2020-05-18, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=308201491, 2017-06-27, 2020-06-26, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=292253731, 2017-12-31, 2019-12-31, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=325088752, 2018-02-07, 2019-02-07, Gandi Standard SSL CA 2 > https://crt.sh/?id=495848274, 2018-02-25, 2019-02-25, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=363803336, 2018-03-23, 2020-05-23, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=369709685, 2018-03-29, 2019-04-28, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=369824505, 2018-03-29, 2020-03-25, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=377999330, 2018-04-05, 2020-04-04, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=395687551, 2018-04-14, 2019-04-29, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=441476932, 2018-04-14, 2019-04-29, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=419677583, 2018-04-25, 2020-04-24, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=419685986, 2018-04-25, 2020-04-24, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=441178023, 2018-05-05, 2019-05-05, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=441178000, 2018-05-05, 2019-05-05, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=447475737, 2018-05-07, 2020-05-06, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=447484644, 2018-05-07, 2020-05-06, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=453793669, 2018-05-10, 2019-05-10, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=453793685, 2018-05-10, 2019-05-10, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=455176361, 2018-05-11, 2019-05-11, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=455176321, 2018-05-11, 2019-05-11, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=463185238, 2018-05-15, 2019-05-15, USERTrust ECC Domain > Validation Secure Server CA > https://crt.sh/?id=463092619, 2018-05-15, 2019-05-12, USERTrust ECC Domain > Validation Secure Server CA > https://crt.sh/?id=463092603, 2018-05-15, 2019-05-12, USERTrust ECC Domain > Validation Secure Server CA > https://crt.sh/?id=463185322, 2018-05-15, 2019-05-15, USERTrust ECC Domain > Validation Secure Server CA > https://crt.sh/?id=499794005, 2018-06-01, 2020-02-29, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=498922190, 2018-06-01, 2019-06-01, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=499725167, 2018-06-01, 2020-02-29, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=498922249, 2018-06-01, 2019-06-01, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=505121345, 2018-06-04, 2020-06-03, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=505085090, 2018-06-04, 2020-06-03, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=513249599, 2018-06-08, 2019-09-06, COMODO ECC Organization > Validation Secure Server CA > https://crt.sh/?id=513249610, 2018-06-08, 2019-09-06, COMODO ECC Organization > Validation Secure Server CA > https://crt.sh/?id=524442289, 2018-06-13, 2020-06-12, InCommon RSA Server CA > https://crt.sh/?id=524489119, 2018-06-13, 2020-06-12, InCommon RSA Server CA > https://crt.sh/?id=526991990, 2018-06-14, 2020-06-13, InCommon RSA Server CA > https://crt.sh/?id=527107074, 2018-06-14, 2020-06-13, InCommon RSA Server CA > https://crt.sh/?id=539581571, 2018-06-20, 2020-03-07, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=539583525, 2018-06-20, 2020-03-07, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=542849108, 2018-06-24, 2020-06-23, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=542849110, 2018-06-24, 2020-06-23, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=543995312, 2018-06-25, 2019-06-24, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=543995179, 2018-06-25, 2019-06-24, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=591996350, 2018-07-11, 2019-07-10, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=591996006, 2018-07-11, 2019-07-10, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=596168840, 2018-07-12, 2019-07-12, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=596168871, 2018-07-12, 2019-07-12, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=597412454, 2018-07-14, 2019-07-14, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=597412673, 2018-07-14, 2019-07-14, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=606946421, 2018-07-20, 2020-07-19, InCommon RSA Server CA > https://crt.sh/?id=606946466, 2018-07-20, 2020-07-19, InCommon RSA Server CA > https://crt.sh/?id=615391317, 2018-07-22, 2019-07-22, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=615391414, 2018-07-22, 2019-07-22, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=617047567, 2018-07-23, 2019-07-29, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=608218571, 2018-07-23, 2020-07-22, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=608218537, 2018-07-23, 2020-07-22, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=617047089, 2018-07-23, 2019-07-29, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=620400049, 2018-07-26, 2019-07-22, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=620395555, 2018-07-26, 2019-07-26, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=620395705, 2018-07-26, 2019-07-26, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=620131184, 2018-07-26, 2019-12-31, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=620131002, 2018-07-26, 2019-12-31, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=620399817, 2018-07-26, 2019-07-22, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=629323969, 2018-08-01, 2019-07-22, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=629132167, 2018-08-01, 2019-08-01, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=628399531, 2018-08-01, 2019-08-01, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=629128772, 2018-08-01, 2019-08-01, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=629128648, 2018-08-01, 2019-08-01, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=629323768, 2018-08-01, 2019-07-22, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=629131924, 2018-08-01, 2019-08-01, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=628400266, 2018-08-01, 2019-08-01, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=637932875, 2018-08-08, 2020-08-07, InCommon RSA Server CA > https://crt.sh/?id=637932860, 2018-08-08, 2020-08-07, InCommon RSA Server CA > https://crt.sh/?id=638329218, 2018-08-09, 2020-08-08, InCommon RSA Server CA > https://crt.sh/?id=638345465, 2018-08-09, 2020-08-08, InCommon RSA Server CA > https://crt.sh/?id=638608733, 2018-08-10, 2020-08-09, InCommon ECC Server CA > https://crt.sh/?id=638608725, 2018-08-10, 2020-08-09, InCommon ECC Server CA > https://crt.sh/?id=647283822, 2018-08-13, 2020-01-12, TrustSign BR > Certification Authority (DV) 2 > https://crt.sh/?id=647283833, 2018-08-13, 2020-01-12, TrustSign BR > Certification Authority (DV) 2 > https://crt.sh/?id=648703027, 2018-08-14, 2019-07-06, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=648703097, 2018-08-14, 2019-07-06, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=649508017, 2018-08-16, 2020-09-14, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=649497464, 2018-08-16, 2020-09-14, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=651708845, 2018-08-17, 2020-10-06, COMODO ECC Organization > Validation Secure Server CA > https://crt.sh/?id=650968319, 2018-08-17, 2019-08-17, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=651708880, 2018-08-17, 2020-10-06, COMODO ECC Organization > Validation Secure Server CA > https://crt.sh/?id=650968313, 2018-08-17, 2019-08-17, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=655979498, 2018-08-20, 2019-08-20, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=655979734, 2018-08-20, 2019-08-20, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=702937626, 2018-09-01, 2020-08-31, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=703704444, 2018-09-01, 2020-08-31, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=703626516, 2018-09-01, 2020-08-31, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=703570156, 2018-09-01, 2020-08-31, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=703034958, 2018-09-01, 2020-08-31, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=703704688, 2018-09-01, 2020-08-31, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=715244655, 2018-09-04, 2020-09-03, COMODO ECC Organization > Validation Secure Server CA > https://crt.sh/?id=715180338, 2018-09-04, 2020-09-03, COMODO ECC Organization > Validation Secure Server CA > https://crt.sh/?id=718386742, 2018-09-05, 2020-08-31, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=718316167, 2018-09-05, 2020-08-31, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=721949738, 2018-09-06, 2020-09-05, COMODO ECC Organization > Validation Secure Server CA > https://crt.sh/?id=721903071, 2018-09-06, 2020-09-05, COMODO ECC Organization > Validation Secure Server CA > https://crt.sh/?id=732224783, 2018-09-10, 2020-09-09, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=732180667, 2018-09-10, 2020-09-09, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=742122634, 2018-09-13, 2020-09-27, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=742146772, 2018-09-13, 2020-09-27, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=743367517, 2018-09-13, 2020-09-12, InCommon RSA Server CA > https://crt.sh/?id=743250702, 2018-09-13, 2020-09-12, InCommon RSA Server CA > https://crt.sh/?id=760484279, 2018-09-17, 2020-09-16, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=760522493, 2018-09-17, 2020-09-16, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=841848220, 2018-10-09, 2019-10-09, DOMENY SSL DV > Certification Authority > https://crt.sh/?id=841847447, 2018-10-09, 2019-10-09, DOMENY SSL DV > Certification Authority > https://crt.sh/?id=849247022, 2018-10-11, 2020-10-10, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=849224923, 2018-10-11, 2020-10-10, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=879713746, 2018-10-21, 2020-11-27, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=879682087, 2018-10-21, 2020-11-27, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=885247476, 2018-10-23, 2019-10-23, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=885208207, 2018-10-23, 2019-10-23, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=885248041, 2018-10-23, 2019-10-23, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=885208204, 2018-10-23, 2019-10-23, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=887807299, 2018-10-24, 2019-01-22, DOMENY SSL DV > Certification Authority > https://crt.sh/?id=887807764, 2018-10-24, 2019-01-22, DOMENY SSL DV > Certification Authority > https://crt.sh/?id=901267132, 2018-10-29, 2020-10-28, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=901267026, 2018-10-29, 2020-10-28, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=907036453, 2018-10-31, 2019-01-29, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=907036502, 2018-10-31, 2019-01-29, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=922822862, 2018-11-06, 2019-02-04, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=922823047, 2018-11-06, 2019-02-04, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=930339735, 2018-11-08, 2020-11-07, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=930339745, 2018-11-08, 2020-11-07, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=960746353, 2018-11-20, 2021-02-21, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=960649340, 2018-11-20, 2021-02-21, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=971777686, 2018-11-24, 2019-11-24, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=971777541, 2018-11-24, 2019-11-24, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=975933667, 2018-11-25, 2019-11-25, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=975933498, 2018-11-25, 2019-11-25, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=1005886673, 2018-12-06, 2019-12-06, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=1005886201, 2018-12-06, 2019-12-06, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=1019943658, 2018-12-11, 2020-02-09, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=1020803789, 2018-12-11, 2020-12-10, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=1020801336, 2018-12-11, 2020-12-10, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=1019943394, 2018-12-11, 2020-02-09, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=1058872928, 2018-12-26, 2020-12-25, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=1058872922, 2018-12-26, 2020-12-25, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=1060875132, 2018-12-27, 2020-12-26, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=1060875028, 2018-12-27, 2020-12-26, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=1067553416, 2018-12-30, 2020-12-29, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=1067553966, 2018-12-30, 2020-12-29, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=1067422853, 2018-12-30, 2020-12-29, COMODO ECC Domain > Validation Secure Server CA > https://crt.sh/?id=1067422599, 2018-12-30, 2020-12-29, COMODO ECC Domain > Validation Secure Server CA > > DigiCert > crt.sh URL, notBefore, notAfter, issuer CN > ------------------------------------------ > https://crt.sh/?id=308100681, 2015-11-09, 2019-02-06, DigiCert ECC Secure > Server CA > https://crt.sh/?id=307892387, 2016-07-14, 2019-07-19, DigiCert ECC Secure > Server CA > https://crt.sh/?id=308355664, 2016-07-14, 2019-07-19, DigiCert ECC Secure > Server CA > https://crt.sh/?id=308335383, 2016-08-11, 2019-11-09, DigiCert SHA2 Secure > Server CA > https://crt.sh/?id=41935017, 2016-09-22, 2019-11-26, DigiCert ECC Secure > Server CA > https://crt.sh/?id=307429360, 2016-10-13, 2020-01-10, DigiCert SHA2 High > Assurance Server CA > https://crt.sh/?id=104218572, 2016-10-28, 2019-11-06, DigiCert SHA2 High > Assurance Server CA > https://crt.sh/?id=104218573, 2016-10-28, 2019-11-06, DigiCert SHA2 High > Assurance Server CA > https://crt.sh/?id=104218570, 2016-10-28, 2019-11-06, DigiCert SHA2 High > Assurance Server CA > https://crt.sh/?id=104218373, 2017-01-11, 2019-04-11, DigiCert SHA2 Extended > Validation Server CA > https://crt.sh/?id=104218343, 2017-01-11, 2019-03-20, DigiCert SHA2 Extended > Validation Server CA > https://crt.sh/?id=104218342, 2017-01-11, 2019-03-20, DigiCert SHA2 Extended > Validation Server CA > https://crt.sh/?id=104218451, 2017-01-11, 2020-04-10, DigiCert SHA2 High > Assurance Server CA > https://crt.sh/?id=104218372, 2017-01-11, 2019-04-11, DigiCert SHA2 Extended > Validation Server CA > https://crt.sh/?id=104218340, 2017-01-11, 2019-03-20, DigiCert SHA2 Extended > Validation Server CA > https://crt.sh/?id=104218453, 2017-01-11, 2020-04-10, DigiCert SHA2 High > Assurance Server CA > https://crt.sh/?id=104218371, 2017-01-11, 2019-04-11, DigiCert SHA2 Extended > Validation Server CA > https://crt.sh/?id=104218449, 2017-01-11, 2020-04-10, DigiCert SHA2 High > Assurance Server CA > https://crt.sh/?id=79750010, 2017-01-23, 2020-04-22, DigiCert ECC Secure > Server CA > https://crt.sh/?id=104218412, 2017-01-30, 2020-04-29, DigiCert SHA2 High > Assurance Server CA > https://crt.sh/?id=104218410, 2017-01-30, 2020-04-29, DigiCert SHA2 High > Assurance Server CA > https://crt.sh/?id=104218408, 2017-01-30, 2020-04-29, DigiCert SHA2 High > Assurance Server CA > https://crt.sh/?id=82056937, 2017-01-30, 2019-02-04, TERENA SSL High > Assurance CA 3 > https://crt.sh/?id=146656935, 2017-05-31, 2019-06-05, DigiCert ECC Secure > Server CA > https://crt.sh/?id=307593001, 2017-06-01, 2019-01-15, DigiCert SHA2 Secure > Server CA > https://crt.sh/?id=308273560, 2017-06-27, 2020-07-01, DigiCert SHA2 Secure > Server CA > > Asseco Data Systems S.A. (previously Unizeto Certum) > crt.sh URL, notBefore, notAfter, issuer CN > ------------------------------------------ > https://crt.sh/?id=983011607, 2018-11-28, 2019-11-28, Certum Organization > Validation CA SHA2 This one is a precertificate, the corresponding actual certificate is not listed on crt.sh . As of a moment ago, the serial number was apparently not revoked. The pre-certificate is marked with an EV OID apparently not trusted by Mozilla, so an identical real certificate would presumably be treated as an ordinary OV certificate by Firefox. Thus it IS subject to Mozilla policy. > > These certificates are not mis-issuances in terms of the Baseline > Requirements (the BRs allow P-521), but Mozilla Root Store Policy does > clearly prohibit P-521, so I wanted to alert the Mozilla community to these > certificates. > As this peculiar ban is Mozilla-specific, I guess it would be permitted for such certificates to exist under a separate root from each CA, untrusted by Mozilla, but trusted by some other browsers. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
