Re: Certificate Incident

2016-07-14 Thread Matt Palmer
On Thu, Jul 14, 2016 at 02:52:41AM -0700, Nick Lamb wrote:
> On Thursday, 14 July 2016 05:18:20 UTC+1, Andrew Ayer wrote:
> > Revocation does not address the risk that this mis-issuance has caused
> > to the ecosystem, since collided certificates (the ones we cannot see,
> > and need to be

Re: Certificate Incident

2016-07-14 Thread Andrew Ayer
On Thu, 14 Jul 2016 02:52:41 -0700 (PDT) Nick Lamb wrote:
> On Thursday, 14 July 2016 05:18:20 UTC+1, Andrew Ayer wrote:
> > Revocation does not address the risk that this mis-issuance has
> > caused to the ecosystem, since collided certificates (the ones we
> > cannot

Re: Certificate Incident

2016-07-14 Thread Kathleen Wilson
On 7/13/16 8:02 PM, sanjay_m...@symantec.com wrote:
On Tuesday, July 12, Symantec erroneously produced and issued 8 SHA-1 certificates in support of one customer’s application to submit SHA-1 TBS Certificates to the CA/B Forum for a SHA-1 exception. Symantec has revoked the certificates. An

Re: Certificate Incident

2016-07-14 Thread Nick Lamb
On Thursday, 14 July 2016 05:18:20 UTC+1, Andrew Ayer wrote:
> Revocation does not address the risk that this mis-issuance has caused
> to the ecosystem, since collided certificates (the ones we cannot see,
> and need to be worried about) have different serial numbers and
> therefore do not

Re: Certificate Incident

2016-07-14 Thread Rob Stradling
On 14/07/16 05:17, Andrew Ayer wrote:
Have the key pairs been used previously?

Hi Andrew. All 8 of these SHA-1 precertificates are known to CT and crt.sh. The same 8 public keys appear in a further 8 SHA-256 precertificates that were issued 5 days earlier by a different Symantec issuing