Issue metadata
Sign in to add a comment
|
Certificate Transparency is not enforced
Reported by
hg5...@gmail.com,
Apr 7 2018
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 Example URL: https://judicialconduct.judiciary.gov.uk Steps to reproduce the problem: 1. visit site with SSL (notBefore > 2018-04-01, no CT) ex) https://talk.hscity.go.kr https://judicialconduct.judiciary.gov.uk list : GPKI Root CA1 https://crt.sh/?icaid=123&identity=%25 https://crt.sh/?icaid=272&identity=%25 Amazon Root CA1 https://crt.sh/?icaid=9324&identity=%25 What is the expected behavior? MUST RAISE "NO CT EXISTS" ERROR. What went wrong? for some reason, CT Checking is not enabled in Chrome. Did this work before? No Chrome version: 65.0.3325.181 Channel: stable OS Version: 10.0 Flash Version:
,
Apr 8 2018
,
Apr 10 2018
SCT is being enforced as expected here on 65.0.3325.181 as well as 67.0.3390.0 canary. Is your connection being intercepted by antivirus, proxy, parental control, or similar software?
,
Apr 10 2018
i don't use any SSL interception program. SCT is not enforced in windows canary either. if SCT is being enforced, chrome must raise error for " https://judicialconduct.judiciary.gov.uk/ " (Amazon Root CA1, without SCT)
,
Apr 10 2018
same problem on "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
,
Apr 10 2018
Reporter@ Thanks for the issue. This issue seems to be out of TE scope as this is related to Certificate Transparency. Hence adding TE-NeedsTriageHelp label. Request someone from 'Internals>Network>Certificate' team to look into the issue and help in further triaging. Thanks!
,
Apr 10 2018
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by hg5...@gmail.com
, Apr 7 2018