|
William Pitcock |
db98f6 |
# One blacklist entry per line, corresponding to the label in certdata.txt.
|
|
William Pitcock |
db98f6 |
|
|
William Pitcock |
db98f6 |
# MD5 Collision Proof of Concept CA
|
|
William Pitcock |
db98f6 |
"MD5 Collisions Forged Rogue CA 25c3"
|
|
William Pitcock |
db98f6 |
|
|
William Pitcock |
db98f6 |
# DigiNotar Root CA (see debbug#639744)
|
|
William Pitcock |
db98f6 |
"DigiNotar Root CA"
|
|
William Pitcock |
db98f6 |
|
|
William Pitcock |
db98f6 |
# StartCom and WoSign certificates are now untrusted by the major browser
|
|
William Pitcock |
db98f6 |
# vendors[0]. See [1] for discussion. The list was generated by:
|
|
William Pitcock |
db98f6 |
#
|
|
William Pitcock |
db98f6 |
# $ egrep 'WoSign|StartCom' mozilla/certdata.txt \
|
|
William Pitcock |
db98f6 |
# | grep UTF | sed 's/CKA_LABEL UTF8 //' | uniq
|
|
William Pitcock |
db98f6 |
#
|
|
William Pitcock |
db98f6 |
# [0] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
|
|
William Pitcock |
db98f6 |
# [1] https://bugs.debian.org/858539
|
|
William Pitcock |
db98f6 |
#
|
|
William Pitcock |
db98f6 |
"StartCom Certification Authority"
|
|
William Pitcock |
db98f6 |
"StartCom Certification Authority G2"
|
|
William Pitcock |
db98f6 |
"WoSign"
|
|
William Pitcock |
db98f6 |
"WoSign China"
|
|
William Pitcock |
db98f6 |
"Certification Authority of WoSign G2"
|
|
William Pitcock |
db98f6 |
"CA WoSign ECC Root"
|