On Friday, June 16, 2017 at 1:05:37 AM UTC-4, Tavis Ormandy wrote:
> Hello, I was crawling the pkcs7 blobs in public pdf files and found some
> intermediate certificates that don't appear in crt.sh.
> I forwarded them to Rob, I don't know if this is useful to anyone else, but
> they're available here.
> (I have a larger collection if anyone wants them, but many have unknown
> critical extensions, or are name or usage constrained, etc)
I'm trying to understand this posting. I think the CAs have an obligation to disclose all Intermediate certificates to the CCADB. I don't think that the CAs have an obligation to disclose through CT. Am I right?
I did review the zip above and found 3 Entrust/AffirmTrust certificates. These were all disclosed in the CCADB.