136
edits
Changes
Add issue G
==== Issue F.5: Invalid CDP Extension ====
On 31-January, 2019, it was [https://bugzilla.mozilla.org/show_bug.cgi?id=1524451 reported that Certinomis issued two certificates in July of 2018 containing invalid CRL references in the CDP extension]. One is https:// and the other is not a URI. One of these certificates was revoked on 22-February, 2019, and the other has not been revoked as of 9-April.
=== Issue G: Use of BR Domain Validation Method 3.2.2.4.5 After Deadline ===
The BRs set a deadline of 1-August, 2018 for CAs to stop using this method due to serious [https://cabforum.org/pipermail/public/2017-December/012630.html vulnerabilities that were identified]. This concern was communicated in Mozilla's [[CA/Communications#January_2018_CA_Communication|January 2018 and September 2018 CA Communications]]. In a [https://bugzilla.mozilla.org/show_bug.cgi?id=1544933 bug that was recently filed describing the issuance of a certificate containing an unregistered domain name], Certinomis implied that BR method 3.2.2.4.5 was used to validate that certificate. Upon further questioning, [https://bugzilla.mozilla.org/show_bug.cgi?id=1544933#c9 Certinomis stated that BR method 3.2.2.4.5 was still in use].
