I did some checks on certificates and their AIA sections and noticed that several Microsoft certificates were referencing intermediate certificates in the "CA Issuer" field that give a 403 error.
http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%202.crt http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%204.crt http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%205.crt These are listed in active use on certificates on public hosts (e.g. azure.com, msn.com, skype.com, xbox.com). I have informed Microsoft through the contact mail address in the CCADB. -- Hanno Böck https://hboeck.de/ _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy