Unknown Intermediates

Hello, I was crawling the pkcs7 blobs in public pdf files and found some
intermediate certificates that don't appear in crt.sh.

I forwarded them to Rob, I don't know if this is useful to anyone else, but
they're available here.

https://lock.cmpxchg8b.com/intermediates.zip

Tavis.

(I have a larger collection if anyone wants them, but many have unknown
critical extensions, or are name or usage constrained, etc)
Tavis
6/16/2017 5:05:07 AM
mozilla.dev.security.policy

On Friday, June 16, 2017 at 1:05:37 AM UTC-4, Tavis Ormandy wrote:
> Hello, I was crawling the pkcs7 blobs in public pdf files and found some
> intermediate certificates that don't appear in crt.sh.
> 
> I forwarded them to Rob, I don't know if this is useful to anyone else, but
> they're available here.
> 
> https://lock.cmpxchg8b.com/intermediates.zip
> 
> Tavis.
> 
> (I have a larger collection if anyone wants them, but many have unknown
> critical extensions, or are name or usage constrained, etc)

I'm trying to understand this posting. I think the CAs have an obligation to disclose all Intermediate certificates to the CCADB. I don't think that the CAs have an obligation to disclose through CT. Am I right?

I did review the zip above and found 3 Entrust/AffirmTrust certificates. These were all disclosed in the CCADB. 

Thanks, Bruce.
Bruce
6/29/2017 7:56:12 PM
On Thu, Jun 29, 2017 at 3:56 PM, Bruce via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> I'm trying to understand this posting. I think the CAs have an obligation
> to disclose all Intermediate certificates to the CCADB. I don't think that
> the CAs have an obligation to disclose through CT. Am I right?
>

Correct.
Ryan
6/29/2017 8:29:53 PM