CA/WoSign Issues: Difference between revisions

Fix links
(Remove "draft" designation)
(Fix links)
Line 116: Line 116:
[https://groups.google.com/d/msg/mozilla.dev.security.policy/k9PBmyLCi8I/gksYkOTLCwAJ List of crt.sh links to certificates involved] - total 72. Richard Wang [https://groups.google.com/d/msg/mozilla.dev.security.policy/yZaJh0KxFUc/6RYlFFQiDAAJ said]: "We checked our system, the certificates issued related using higher level port website control validation is totally 72 certificates. To be clear, those certificates are validated by website control validation method that using other port except 80 and 443."
[https://groups.google.com/d/msg/mozilla.dev.security.policy/k9PBmyLCi8I/gksYkOTLCwAJ List of crt.sh links to certificates involved] - total 72. Richard Wang [https://groups.google.com/d/msg/mozilla.dev.security.policy/yZaJh0KxFUc/6RYlFFQiDAAJ said]: "We checked our system, the certificates issued related using higher level port website control validation is totally 72 certificates. To be clear, those certificates are validated by website control validation method that using other port except 80 and 443."


2016-09-04: [https://www.wosign.com/report/wosign_issues_report_09042016.pdf Official issue report].
2016-09-04: [https://www.wosign.com/report/wosign_incidents_report_09042016.pdf Official issue report].


===Further Comments===
===Further Comments===
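Review bot: The replacement of wosign_issues_report_09042016.pdf on the "Official issue report" line is repeated by hand in the sections at lines 150 and 304, so a fourth copy of the old filename elsewhere on the page would be easy to miss. Search the full page source for "wosign_issues_report" before saving, so that every section points at the same document.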
Line 150: Line 150:
[https://groups.google.com/d/msg/mozilla.dev.security.policy/k9PBmyLCi8I/gksYkOTLCwAJ List of crt.sh links to certificates involved] - total 33.
[https://groups.google.com/d/msg/mozilla.dev.security.policy/k9PBmyLCi8I/gksYkOTLCwAJ List of crt.sh links to certificates involved] - total 33.


2016-09-04: [https://www.wosign.com/report/wosign_issues_report_09042016.pdf Official issue report]. The report explains the two bugs, N1 and N2.  WoSign classifies the misissuances as 21 N1 and 12 N2. However, they have misclassified at least one - line 2 of Figure 14 - so the actual split may be different.
2016-09-04: [https://www.wosign.com/report/wosign_incidents_report_09042016.pdf Official issue report]. The report explains the two bugs, N1 and N2.  WoSign classifies the misissuances as 21 N1 and 12 N2. However, they have misclassified at least one - line 2 of Figure 14 - so the actual split may be different.


====Bug N1====
====Bug N1====
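Review bot: The sentence after the changed link cites "line 2 of Figure 14" and the 21 N1 / 12 N2 split from the report, so the new target needs checking against those references. Confirm that the PDF at wosign_incidents_report_09042016.pdf has the same figure numbering and counts. If it is a revised document, the misclassification claim should cite the version it was checked against.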
Line 304: Line 304:
===WoSign Response===
===WoSign Response===


2016-09-04: [https://www.wosign.com/report/wosign_issues_report_09042016.pdf Official issue report].
2016-09-04: [https://www.wosign.com/report/wosign_incidents_report_09042016.pdf Official issue report].


===Further Comments===
===Further Comments===
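Review bot: The corrected link under "WoSign Response" is still the only pointer to the CA's statement, it is hosted on www.wosign.com, and it has already needed fixing once. Consider adding an archived copy next to it so the record of the response does not depend on the CA keeping the file at this path.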