Re: Request to Include 4 Microsoft Root CAs

2019-08-16 Thread Jason via dev-security-policy
Hi All,

This is Jason from the Microsoft PKI Services team. I’d like to add some 
context to the note about the certs issued from the Microsoft RSA Root 
Certificate Authority 2017. As you can see, these were all issued to a domain 
registered to Microsoft. While these clearly violate the Subject profile 
requirements in Section 7 of the BRs, nearly all the certs listed meet the 
requirements for Test Certificate as listed in Section 1.6.1 of the BRs, 
including the presence of the “Test” OID (2.23.140.2.1) in a critical 
extension. A few of the test issuances did not meet the requirements of 1.6.1 
and we have adjusted our policy enforcement mechanisms accordingly as a result. 
That said, we have created an incident around this for purposes of reporting to 
our auditors. Please feel free to let me know if you have questions.

Thanks,
Jason Cooper


___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy


Re: P-521 Certificates

2019-01-10 Thread Jason via dev-security-policy
I would say that the problem here would be that a child certificate can't use a 
higher cryptography level than the issuer; this is against good practices and, 
AFAIK, against the WebTrust audit criteria.
Jason