Re: Email sub-CAs

2017-04-15 Thread Peter Bowen via dev-security-policy
On Thu, Apr 13, 2017 at 9:33 AM, douglas.beattie--- via dev-security-policy wrote: > On Thursday, April 13, 2017 at 10:49:17 AM UTC-4, Gervase Markham wrote: >> On 13/04/17 14:23, Doug Beattie wrote: >> > There is no statement back to scope or corresponding

Re: CloudFlare Issuing SHA-1 SSL Certificates

2017-04-15 Thread Samuel Pinder via dev-security-policy
It looks like "CloudFlare Inc Compatibility CA-3" chains back to the "GTE CyberTrust Global Root" (see https://crt.sh/?caid=34007 ) The "GTE CyberTrust Global Root" is an old 1024 bit root that was removed from NSS two years ago (see https://bugzilla.mozilla.org/show_bug.cgi?id=1047011 ), and

CloudFlare Issuing SHA-1 SSL Certificates

2017-04-15 Thread James Burton via dev-security-policy
CloudFlare has been issuing SHA-1 SSL Certificates from CloudFlare Inc Compatibility CA-3 which is BR violation. See: https://crt.sh/?CN=%25=34007 Thank you James Burton ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org