Andrew, thank you for your efforts to report this issue. We are
investigating and will report our resolution, cause analysis, and corrective
actions once complete.
Kind regards,
Steven Medin
PKI Policy Manager, Symantec Corporation
>
https://clicktime.symantec.com/a/1/LyhH99FiQBwyOqKcts8QGJ75k6
> TPEC_N7jOPRSjGhkA=?d=6VMu_T-
> sR5eKmPW2WR2IXMmMu2l3NuU1xwSCzx-
> S8H67_QVReqcePQ_O3DgBf_CHNp7acC3LqzelBaMae64LokDHJrk3XCy9cJBj7
> mWmiY1RlN6aQDk-q60Cy76Au0CHjeYa4qo0N7e7Pbcw_OwHSJmMQEw-
> s1RBUJ4y6oFf9cEpLQYDcTs0wQjUve2_zzbI9paFZA-
> 4MBZn0OAqSr0fdyihKQa3NGk1XSLahRHT9H7YKUQRhaX3y6FotZjUaGOWboG
> oYn8PQTT6koyyBuC-
> 044fxL0XE8xRruYOPBELAZNVU7IzdE2id8hrzrFn7l2jmuWLTxkW-
> AQ15CZUebkaGsbll_tyh8jDt08gBNpnPtXVKTMbDEYJw-
> p1P3j3Zh6JpKCiC3jVpJ69E80VUm5h1S79Gwhy6xG1BYx6pTfwpQ3h1_jVWXz3
> NLXmybP77Lu56CC_6htKsu1YTZVPIbw%3D&u=https%3A%2F%2Fcrt.sh%2F%
> 3Fsha256%3DA8F14F52CC1282D7153A13316E7DA39E6AE37B1A10C16288B902
> 4A9B9DC3C4C6
>
https://clicktime.symantec.com/a/1/_X1-
> P9bvSq0r_QG43YQ6BwhHeeRl4IrY8ebwWh9HWiQ=?d=6VMu_T-
> sR5eKmPW2WR2IXMmMu2l3NuU1xwSCzx-
> S8H67_QVReqcePQ_O3DgBf_CHNp7acC3LqzelBaMae64LokDHJrk3XCy9cJBj7
> mWmiY1RlN6aQDk-q60Cy76Au0CHjeYa4qo0N7e7Pbcw_OwHSJmMQEw-
> s1RBUJ4y6oFf9cEpLQYDcTs0wQjUve2_zzbI9paFZA-
> 4MBZn0OAqSr0fdyihKQa3NGk1XSLahRHT9H7YKUQRhaX3y6FotZjUaGOWboG
> oYn8PQTT6koyyBuC-
> 044fxL0XE8xRruYOPBELAZNVU7IzdE2id8hrzrFn7l2jmuWLTxkW-
> AQ15CZUebkaGsbll_tyh8jDt08gBNpnPtXVKTMbDEYJw-
> p1P3j3Zh6JpKCiC3jVpJ69E80VUm5h1S79Gwhy6xG1BYx6pTfwpQ3h1_jVWXz3
> NLXmybP77Lu56CC_6htKsu1YTZVPIbw%3D&u=https%3A%2F%2Fcrt.sh%2F%
> 3Fsha256%3D8B5956C57FDCF720B6907A4B1BC8CA2E46CD90EAD5C061A426C
> F48A6117BFBFA
>
https://clicktime.symantec.com/a/1/1ux2sxPZpTNuRjN4JV5qOj0550
> RDi16i7NLrqi0eFaY=?d=6VMu_T-sR5eKmPW2WR2IXMmMu2l3NuU1xwSCzx-
> S8H67_QVReqcePQ_O3DgBf_CHNp7acC3LqzelBaMae64LokDHJrk3XCy9cJBj7
> mWmiY1RlN6aQDk-q60Cy76Au0CHjeYa4qo0N7e7Pbcw_OwHSJmMQEw-
> s1RBUJ4y6oFf9cEpLQYDcTs0wQjUve2_zzbI9paFZA-
> 4MBZn0OAqSr0fdyihKQa3NGk1XSLahRHT9H7YKUQRhaX3y6FotZjUaGOWboG
> oYn8PQTT6koyyBuC-
> 044fxL0XE8xRruYOPBELAZNVU7IzdE2id8hrzrFn7l2jmuWLTxkW-
> AQ15CZUebkaGsbll_tyh8jDt08gBNpnPtXVKTMbDEYJw-
> p1P3j3Zh6JpKCiC3jVpJ69E80VUm5h1S79Gwhy6xG1BYx6pTfwpQ3h1_jVWXz3
> NLXmybP77Lu56CC_6htKsu1YTZVPIbw%3D&u=https%3A%2F%2Fcrt.sh%2F%
> 3Fsha256%3D94482136A1400BC3A1136FECA3E79D4D200E03DD20B245D19F0E
> 78B5679EAF48
>
https://clicktime.symantec.com/a/1/YT02EQBzJ13G0VwF_VLruHbKA
> Ep4LXe40icNc0DLwUA=?d=6VMu_T-
> sR5eKmPW2WR2IXMmMu2l3NuU1xwSCzx-
> S8H67_QVReqcePQ_O3DgBf_CHNp7acC3LqzelBaMae64LokDHJrk3XCy9cJBj7
> mWmiY1RlN6aQDk-q60Cy76Au0CHjeYa4qo0N7e7Pbcw_OwHSJmMQEw-
> s1RBUJ4y6oFf9cEpLQYDcTs0wQjUve2_zzbI9paFZA-
> 4MBZn0OAqSr0fdyihKQa3NGk1XSLahRHT9H7YKUQRhaX3y6FotZjUaGOWboG
> oYn8PQTT6koyyBuC-
> 044fxL0XE8xRruYOPBELAZNVU7IzdE2id8hrzrFn7l2jmuWLTxkW-
> AQ15CZUebkaGsbll_tyh8jDt08gBNpnPtXVKTMbDEYJw-
> p1P3j3Zh6JpKCiC3jVpJ69E80VUm5h1S79Gwhy6xG1BYx6pTfwpQ3h1_jVWXz3
> NLXmybP77Lu56CC_6htKsu1YTZVPIbw%3D&u=https%3A%2F%2Fcrt.sh%2F%
> 3Fsha256%3DC69AB04C1B20E6FC7861C67476CADDA1DAE7A8DCF6E23E15311
> C2D2794BFCD11
>
> I confirmed with ICANN, the owner of
example.com, that they did not
> authorize these certificates. These certificates were already revoked at
the
> time I found them.
>
>
> II. Suspicious certificates for domains containing the word "test"
>
> On 2016-11-15 and 2016-10-26, Symantec issued certificates for various
> domains containing the word "test" which I strongly suspect were
> misissued:
>
>
https://clicktime.symantec.com/a/1/_0lsjfT3DHqxu1QJl2eBU5zx948r
> qJmGy-bHkTlww3c=?d=6VMu_T-sR5eKmPW2WR2IXMmMu2l3NuU1xwSCzx-
> S8H67_QVReqcePQ_O3DgBf_CHNp7acC3LqzelBaMae64LokDHJrk3XCy9cJBj7
> mWmiY1RlN6aQDk-q60Cy76Au0CHjeYa4qo0N7e7Pbcw_OwHSJmMQEw-
> s1RBUJ4y6oFf9cEpLQYDcTs0wQjUve2_zzbI9paFZA-
> 4MBZn0OAqSr0fdyihKQa3NGk1XSLahRHT9H7YKUQRhaX3y6FotZjUaGOWboG
> oYn8PQTT6koyyBuC-
> 044fxL0XE8xRruYOPBELAZNVU7IzdE2id8hrzrFn7l2jmuWLTxkW-
> AQ15CZUebkaGsbll_tyh8jDt08gBNpnPtXVKTMbDEYJw-
> p1P3j3Zh6JpKCiC3jVpJ69E80VUm5h1S79Gwhy6xG1BYx6pTfwpQ3h1_jVWXz3
> NLXmybP77Lu56CC_6htKsu1YTZVPIbw%3D&u=https%3A%2F%2Fcrt.sh%2F%
> 3Fsha256%3Db81f339b971eb763cfc686adbac5c164b89ad03f8afb55da9604fd0
> d416bbd21
>
https://clicktime.symantec.com/a/1/uF90PPzN7N3_lTMmPb8YzXKK
> AfWPKKNmpvo_prjlE3Y=?d=6VMu_T-
> sR5eKmPW2WR2IXMmMu2l3NuU1xwSCzx-
> S8H67_QVReqcePQ_O3DgBf_CHNp7acC3LqzelBaMae64LokDHJrk3XCy9cJBj7
> mWmiY1RlN6aQDk-q60Cy76Au0CHjeYa4qo0N7e7Pbcw_OwHSJmMQEw-
> s1RBUJ4y6oFf9cEpLQYDcTs0wQjUve2_zzbI9paFZA-
> 4MBZn0OAqSr0fdyihKQa3NGk1XSLahRHT9H7YKUQRhaX3y6FotZjUaGOWboG
> oYn8PQTT6koyyBuC-
> 044fxL0XE8xRruYOPBELAZNVU7IzdE2id8hrzrFn7l2jmuWLTxkW-
> AQ15CZUebkaGsbll_tyh8jDt08gBNpnPtXVKTMbDEYJw-
> p1P3j3Zh6JpKCiC3jVpJ69E80VUm5h1S79Gwhy6xG1BYx6pTfwpQ3h1_jVWXz3
> NLXmybP77Lu56CC_6htKsu1YTZVPIbw%3D&u=https%3A%2F%2Fcrt.sh%2F%
> 3Fsha256%3Df45d090e1bf24738a8e86734aa7acf7c9e65b619eb19660b1f73c99
> 73f11b841
>
https://clicktime.symantec.com/a/1/ezbB2-8KqYUHyXjQx5B-
> Vwf6tJJiGin6RaC_rwMyM7Y=?d=6VMu_T-
> sR5eKmPW2WR2IXMmMu2l3NuU1xwSCzx-
> S8H67_QVReqcePQ_O3DgBf_CHNp7acC3LqzelBaMae64LokDHJrk3XCy9cJBj7
> mWmiY1RlN6aQDk-q60Cy76Au0CHjeYa4qo0N7e7Pbcw_OwHSJmMQEw-
> s1RBUJ4y6oFf9cEpLQYDcTs0wQjUve2_zzbI9paFZA-
> 4MBZn0OAqSr0fdyihKQa3NGk1XSLahRHT9H7YKUQRhaX3y6FotZjUaGOWboG
> oYn8PQTT6koyyBuC-
> 044fxL0XE8xRruYOPBELAZNVU7IzdE2id8hrzrFn7l2jmuWLTxkW-
> AQ15CZUebkaGsbll_tyh8jDt08gBNpnPtXVKTMbDEYJw-
> p1P3j3Zh6JpKCiC3jVpJ69E80VUm5h1S79Gwhy6xG1BYx6pTfwpQ3h1_jVWXz3
> NLXmybP77Lu56CC_6htKsu1YTZVPIbw%3D&u=https%3A%2F%2Fcrt.sh%2F%
> 3Fsha256%3Dbcbc26c9e06c4fe1c9e4d55fa27a501c504ea84e23e114b8ac004f7
> c0776cd0b
>
https://clicktime.symantec.com/a/1/DvhFK5KhEvCMzdYbMfWcMszP
> yUmwumBtBw7KULICQNk=?d=6VMu_T-
> sR5eKmPW2WR2IXMmMu2l3NuU1xwSCzx-
> S8H67_QVReqcePQ_O3DgBf_CHNp7acC3LqzelBaMae64LokDHJrk3XCy9cJBj7
> mWmiY1RlN6aQDk-q60Cy76Au0CHjeYa4qo0N7e7Pbcw_OwHSJmMQEw-
> s1RBUJ4y6oFf9cEpLQYDcTs0wQjUve2_zzbI9paFZA-
> 4MBZn0OAqSr0fdyihKQa3NGk1XSLahRHT9H7YKUQRhaX3y6FotZjUaGOWboG
> oYn8PQTT6koyyBuC-
> 044fxL0XE8xRruYOPBELAZNVU7IzdE2id8hrzrFn7l2jmuWLTxkW-
> AQ15CZUebkaGsbll_tyh8jDt08gBNpnPtXVKTMbDEYJw-
> p1P3j3Zh6JpKCiC3jVpJ69E80VUm5h1S79Gwhy6xG1BYx6pTfwpQ3h1_jVWXz3
> NLXmybP77Lu56CC_6htKsu1YTZVPIbw%3D&u=https%3A%2F%2Fcrt.sh%2F%
> 3Fsha256%3Df0935ce297419cc148bde49a7a123f2b2419cdd52df8e7f49e7bba0
> 7fe872559
>
https://clicktime.symantec.com/a/1/bVc-
> 6BOqerbwbrXUNbJu8pE6Vy80A5iky_MQqAMWgaA=?d=6VMu_T-
> sR5eKmPW2WR2IXMmMu2l3NuU1xwSCzx-
> S8H67_QVReqcePQ_O3DgBf_CHNp7acC3LqzelBaMae64LokDHJrk3XCy9cJBj7
> mWmiY1RlN6aQDk-q60Cy76Au0CHjeYa4qo0N7e7Pbcw_OwHSJmMQEw-
> s1RBUJ4y6oFf9cEpLQYDcTs0wQjUve2_zzbI9paFZA-
> 4MBZn0OAqSr0fdyihKQa3NGk1XSLahRHT9H7YKUQRhaX3y6FotZjUaGOWboG
> oYn8PQTT6koyyBuC-
> 044fxL0XE8xRruYOPBELAZNVU7IzdE2id8hrzrFn7l2jmuWLTxkW-
> AQ15CZUebkaGsbll_tyh8jDt08gBNpnPtXVKTMbDEYJw-
> p1P3j3Zh6JpKCiC3jVpJ69E80VUm5h1S79Gwhy6xG1BYx6pTfwpQ3h1_jVWXz3
> NLXmybP77Lu56CC_6htKsu1YTZVPIbw%3D&u=https%3A%2F%2Fcrt.sh%2F%
> 3Fsha256%3D3601ab49034e69d6e2137a80e511a0640252f444b75d6baca7bf46
>
https://clicktime.symantec.com/a/1/uZoiIkm1yJ-
> wqrsj50BAsLnMXK8PZ3NxcouYQEZu9FQ=?d=6VMu_T-
> sR5eKmPW2WR2IXMmMu2l3NuU1xwSCzx-
> S8H67_QVReqcePQ_O3DgBf_CHNp7acC3LqzelBaMae64LokDHJrk3XCy9cJBj7
> mWmiY1RlN6aQDk-q60Cy76Au0CHjeYa4qo0N7e7Pbcw_OwHSJmMQEw-
> s1RBUJ4y6oFf9cEpLQYDcTs0wQjUve2_zzbI9paFZA-
> 4MBZn0OAqSr0fdyihKQa3NGk1XSLahRHT9H7YKUQRhaX3y6FotZjUaGOWboG
> oYn8PQTT6koyyBuC-
> 044fxL0XE8xRruYOPBELAZNVU7IzdE2id8hrzrFn7l2jmuWLTxkW-
> AQ15CZUebkaGsbll_tyh8jDt08gBNpnPtXVKTMbDEYJw-
> p1P3j3Zh6JpKCiC3jVpJ69E80VUm5h1S79Gwhy6xG1BYx6pTfwpQ3h1_jVWXz3
> NLXmybP77Lu56CC_6htKsu1YTZVPIbw%3D&u=https%3A%2F%2Fcrt.sh%2F%
> 3Fsha256%3D09AECE5B94BBB8A9EE2152FA6FB7261630124918DA015EB35715
> 08EF6D31DD30
>
https://clicktime.symantec.com/a/1/s2LLW3OI_Iy8EHFssVpBCwNmh
> ZYy1Fj3Jzz9JIZSFpQ=?d=6VMu_T-
> sR5eKmPW2WR2IXMmMu2l3NuU1xwSCzx-
> S8H67_QVReqcePQ_O3DgBf_CHNp7acC3LqzelBaMae64LokDHJrk3XCy9cJBj7
> mWmiY1RlN6aQDk-q60Cy76Au0CHjeYa4qo0N7e7Pbcw_OwHSJmMQEw-
> s1RBUJ4y6oFf9cEpLQYDcTs0wQjUve2_zzbI9paFZA-
> 4MBZn0OAqSr0fdyihKQa3NGk1XSLahRHT9H7YKUQRhaX3y6FotZjUaGOWboG
> oYn8PQTT6koyyBuC-
> 044fxL0XE8xRruYOPBELAZNVU7IzdE2id8hrzrFn7l2jmuWLTxkW-
> AQ15CZUebkaGsbll_tyh8jDt08gBNpnPtXVKTMbDEYJw-
> p1P3j3Zh6JpKCiC3jVpJ69E80VUm5h1S79Gwhy6xG1BYx6pTfwpQ3h1_jVWXz3
> NLXmybP77Lu56CC_6htKsu1YTZVPIbw%3D&u=https%3A%2F%2Fcrt.sh%2F%
> 3Fsha256%3DCC0A2AE0EF5B1A6CF242D7B4C77AC9F05B49494B42C8486B4780
> 4874734CFC1C
>
https://clicktime.symantec.com/a/1/A3K4rj0hMWJHEL8Gwbg3A3_fK
> cWxBCrko0KsDdX3jPw=?d=6VMu_T-
> sR5eKmPW2WR2IXMmMu2l3NuU1xwSCzx-
> S8H67_QVReqcePQ_O3DgBf_CHNp7acC3LqzelBaMae64LokDHJrk3XCy9cJBj7
> mWmiY1RlN6aQDk-q60Cy76Au0CHjeYa4qo0N7e7Pbcw_OwHSJmMQEw-
> s1RBUJ4y6oFf9cEpLQYDcTs0wQjUve2_zzbI9paFZA-
> 4MBZn0OAqSr0fdyihKQa3NGk1XSLahRHT9H7YKUQRhaX3y6FotZjUaGOWboG
> oYn8PQTT6koyyBuC-
> 044fxL0XE8xRruYOPBELAZNVU7IzdE2id8hrzrFn7l2jmuWLTxkW-
> AQ15CZUebkaGsbll_tyh8jDt08gBNpnPtXVKTMbDEYJw-
> p1P3j3Zh6JpKCiC3jVpJ69E80VUm5h1S79Gwhy6xG1BYx6pTfwpQ3h1_jVWXz3
> NLXmybP77Lu56CC_6htKsu1YTZVPIbw%3D&u=https%3A%2F%2Fcrt.sh%2F%
> 3Fsha256%3DF177AC0064167354025CE12B3914A0E056628DD31152B5DF22E41
> 913FC9D9B45
>
https://clicktime.symantec.com/a/1/8BpzYG4IsDaFzKnBM5ZFLCABF6
> 94TPWDHnQRABD_Yps=?d=6VMu_T-
> sR5eKmPW2WR2IXMmMu2l3NuU1xwSCzx-
> S8H67_QVReqcePQ_O3DgBf_CHNp7acC3LqzelBaMae64LokDHJrk3XCy9cJBj7
> mWmiY1RlN6aQDk-q60Cy76Au0CHjeYa4qo0N7e7Pbcw_OwHSJmMQEw-
> s1RBUJ4y6oFf9cEpLQYDcTs0wQjUve2_zzbI9paFZA-
> 4MBZn0OAqSr0fdyihKQa3NGk1XSLahRHT9H7YKUQRhaX3y6FotZjUaGOWboG
> oYn8PQTT6koyyBuC-
> 044fxL0XE8xRruYOPBELAZNVU7IzdE2id8hrzrFn7l2jmuWLTxkW-
> AQ15CZUebkaGsbll_tyh8jDt08gBNpnPtXVKTMbDEYJw-
> p1P3j3Zh6JpKCiC3jVpJ69E80VUm5h1S79Gwhy6xG1BYx6pTfwpQ3h1_jVWXz3
> NLXmybP77Lu56CC_6htKsu1YTZVPIbw%3D&u=https%3A%2F%2Fcrt.sh%2F%
> 3Fsha256%3DDA7B1D433C071DA7A389EE2A4CAB854B89E441277B41E608F05F
> B7C7C6B2A761
>
> For more, see:
>
>
https://clicktime.symantec.com/a/1/_sbN9qKZDejSAj1U7evxJlBm83
> RyY17fLL1MikfsplM=?d=6VMu_T-
> sR5eKmPW2WR2IXMmMu2l3NuU1xwSCzx-
> S8H67_QVReqcePQ_O3DgBf_CHNp7acC3LqzelBaMae64LokDHJrk3XCy9cJBj7
> mWmiY1RlN6aQDk-q60Cy76Au0CHjeYa4qo0N7e7Pbcw_OwHSJmMQEw-
> s1RBUJ4y6oFf9cEpLQYDcTs0wQjUve2_zzbI9paFZA-
> 4MBZn0OAqSr0fdyihKQa3NGk1XSLahRHT9H7YKUQRhaX3y6FotZjUaGOWboG
> oYn8PQTT6koyyBuC-
> 044fxL0XE8xRruYOPBELAZNVU7IzdE2id8hrzrFn7l2jmuWLTxkW-
> AQ15CZUebkaGsbll_tyh8jDt08gBNpnPtXVKTMbDEYJw-
> p1P3j3Zh6JpKCiC3jVpJ69E80VUm5h1S79Gwhy6xG1BYx6pTfwpQ3h1_jVWXz3
> NLXmybP77Lu56CC_6htKsu1YTZVPIbw%3D&u=https%3A%2F%2Fcrt.sh%2F%
> 3FO%3Dtest
>
> I doubt there is an organization named "test" located in "test, Korea."
>
> Regards,
> Andrew
> _______________________________________________
> dev-security-policy mailing list
>
dev-secur...@lists.mozilla.org
>
https://lists.mozilla.org/listinfo/dev-security-policy