diff options
Diffstat (limited to 'blacklist.txt')
| -rw-r--r-- | blacklist.txt | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/blacklist.txt b/blacklist.txt new file mode 100644 index 0000000..6ea1732 --- /dev/null +++ b/blacklist.txt @@ -0,0 +1,23 @@ +# One blacklist entry per line, corresponding to the label in certdata.txt. + +# MD5 Collision Proof of Concept CA +"MD5 Collisions Forged Rogue CA 25c3" + +# DigiNotar Root CA (see debbug#639744) +"DigiNotar Root CA" + +# StartCom and WoSign certificates are now untrusted by the major browser +# vendors[0]. See [1] for discussion. The list was generated by: +# +# $ egrep 'WoSign|StartCom' mozilla/certdata.txt \ +# | grep UTF | sed 's/CKA_LABEL UTF8 //' | uniq +# +# [0] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/ +# [1] https://bugs.debian.org/858539 +# +"StartCom Certification Authority" +"StartCom Certification Authority G2" +"WoSign" +"WoSign China" +"Certification Authority of WoSign G2" +"CA WoSign ECC Root" |