Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TLS Observatory: certsplainer.html displaying incorrect data #440

Open
gene1wood opened this issue Oct 25, 2023 · 0 comments
Open

TLS Observatory: certsplainer.html displaying incorrect data #440

gene1wood opened this issue Oct 25, 2023 · 0 comments

Comments

@gene1wood
Copy link

Kathleen reports in https://bugzilla.mozilla.org/show_bug.cgi?id=1859889

https://tls-observatory.services.mozilla.com/static/certsplainer.html has a table called "Trust Stores" that is shown for root certificates. Unfortunately, that table is displaying incorrect results, because the TLS Observatory has stale data about which root stores include each root certificate.

For accurate data, people should refer to https://www.ccadb.org/resources or directly to the root store operator web pages.

Please either update https://tls-observatory.services.mozilla.com/static/certsplainer.html to not ever display the "Trust Stores" table, or take down the web page.

Note that we will soon have a replacement for this web page that does not depend on the TLS Observatory: Bug #1817331

Examples:

https://tls-observatory.services.mozilla.com/static/certsplainer.html?id=842653
Shows that the root certificate is only included in the Microsoft and Mozilla root stores. However, this root is also included in Apple's, Google's, and Ubuntu's root stores.

https://tls-observatory.services.mozilla.com/static/certsplainer.html?id=188395466
Shows that the root certificate is not included in any root store. But actually it is included in all of the browser root stores.

https://tls-observatory.services.mozilla.com/static/certsplainer.html?id=79
Shows that the root certificate is included in most root stores, when it actually has been removed from most of them.

https://tls-observatory.services.mozilla.com/static/certsplainer.html?id=24
Shows that the root certificate is included in most root stores, when it actually has been removed from all of them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant