136
edits
CA/Certinomis Issues: Difference between revisions
→Issue A: StartCom Cross-signing (2017): old --> new
(→Issue G: Use of BR Domain Validation Method 3.2.2.4.5 After Deadline: add link to domain validation processes) |
(→Issue A: StartCom Cross-signing (2017): old --> new) |
||
| Line 9: | Line 9: | ||
[UPDATE 9-May in reply to the [[CA/Certinomis_Issues#Certinomis_Response|Certinomis Response]]] | [UPDATE 9-May in reply to the [[CA/Certinomis_Issues#Certinomis_Response|Certinomis Response]]] | ||
Certinomis asked Mozilla to approve their plan to help Startcom, but when the cross-certificates were discovered, [https://groups.google.com/d/msg/mozilla.dev.security.policy/RJHPWUd93xE/lyAX9Wz_AQAJ Gerv responded] "This seems to be very different to the plan you implemented." By cross-signing Startcom's | Certinomis asked Mozilla to approve their plan to help Startcom, but when the cross-certificates were discovered, [https://groups.google.com/d/msg/mozilla.dev.security.policy/RJHPWUd93xE/lyAX9Wz_AQAJ Gerv responded] "This seems to be very different to the plan you implemented." By cross-signing Startcom's new roots, Certinomis assisted Startcom in circumventing the remediation plan, and by proposing one plan then implementing a different one, Certinomis did so without Mozilla's consent. | ||
Startcom misissued a number of certificates ([https://crt.sh/?opt=cablint&id=160150786 example]) under that cross-signing relationship that Certinomis is responsible for as the Mozilla program member. | Startcom misissued a number of certificates ([https://crt.sh/?opt=cablint&id=160150786 example]) under that cross-signing relationship that Certinomis is responsible for as the Mozilla program member. | ||