Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expectations for intermediate certs with same Subject+SPKI where only one is technically constrained #32

Open
WilsonKathleen opened this issue Aug 27, 2019 · 1 comment
Open

Expectations for intermediate certs with same Subject+SPKI where only one is technically constrained #32

WilsonKathleen opened this issue Aug 27, 2019 · 1 comment

Comments

@WilsonKathleen
Copy link
Contributor

Determine and document what is expected when not all of the intermediate certs with the same Subject+SPKI are technically constrained.
e.g. is it OK for these to be inconsistent as per:
https://crt.sh/mozilla-disclosures#disclosedwithinconsistentaudit
For example:
https://crt.sh/?id=1612093347 -- technically constrained, so no audit statements
https://crt.sh/?id=319549067 -- not technically constrained, so audit statements required

Subject + SPKI SHA256 | 98F39514BA28174E9B3D46C7997E27F759FACFD96C26E3A38834BC9B6BDA27F7
@robstradling
Copy link

I've just updated https://crt.sh/mozilla-disclosures so that it no longer considers technically-constrained intermediates in its "inconsistent audit" and "inconsistent CP/CPS" checks (see crtsh/certwatch_db@a5c58e5).

If the discussion on this PR reaches a different conclusion, I'll update the crt.sh checks accordingly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@robstradling @WilsonKathleen