GoogleChrome / private-tokens

Apache License 2.0

Private State Token Issuer Request - Clearsale Anti Fraud #24

Closed lcslima closed 4 months ago

lcslima commented 5 months ago

Issuer Name

Clearsale Anti Fraud

Origin

https://pst-issuer.clearsale.com.br

Contact Email

suporte.behavior@clear.sale

Key Commitment Endpoint URL

https://pst-issuer.clearsale.com.br/.well-known/private-state-token/key-commitment

Purpose

Summary: Private State Token issuer request - Clearsale Anti Fraud
Description: Clearsale Anti Fraud to detect invalid devices
Issuer Name: Clearsale Anti Fraud
Origin: https://pst-issuer.clearsale.com.br
Contact: suporte.behavior@clear.sale
Key Commitment Endpoint URL: https://pst-issuer.clearsale.com.br/.well-known/private-state-token/key-commitment
Purpose: Detect invalid devices

Disclosure and Acknowledgement

  1. I understand the technical restrictions on key rotation frequency of 60 days in the PST API.
  2. I understand that my issuer registration will be valid for a period of six months after the key commitment is accepted, and that I will need to re-register in this repository following that six-month period.
  3. I understand that in the future renewing my registration for this API may have additional requirements, to reduce the risk of abuse by token issuers.

dvorak42 commented 5 months ago

Unfortunately it appears your key commitment endpoint has a "CERT_COMMON_NAME_INVALID" error (likely due to a misconfigured certificate, it seems to be presenting a certificate for azureedge.net rather than pst-issuer.clearsale.com.br) and we are unable to verify the contents of the key commitment.

Please let us know once that's been fixed and we'll take another look.

lcslima commented 4 months ago

Hello,

I hope you are well.

We made the correction, can you check?

Thanks

dvorak42 commented 4 months ago

The content looks good, however one of the changes that landed since the origin trial was to require an "application/pst-issuer-directory" content-type/media-type on the key commitments (https://github.com/WICG/trust-token-api/blob/main/spec.bs#L183) to confirm that they're intended to be interpreted as key commitments.

Let me know when you've updated the endpoint and we can rerun the configuration.

lcslima commented 4 months ago

Hello,

Update complete, can you confirm we are now compliant?

Thanks!

dvorak42 commented 4 months ago

Your keys have been successfully parsed, they should be available in Chrome via component updater in approximately 4 hours (you can force an update by going to chrome://components/ and hitting "Check for update" under Trust Token Key Commitments).
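
The two rejections in this thread (a certificate that does not cover the issuer host, and a key commitment served without the `application/pst-issuer-directory` media type) can be checked before asking for a re-run. The following is an added example, not part of the issue thread or the private-tokens repository; the function names and sample observations are constructed, and the wildcard rule is the common RFC 6125 left-most-label rule, assumed here rather than taken from Chrome's verifier.

```python
import http.client
import ssl
from urllib.parse import urlsplit

REQUIRED_TYPE = "application/pst-issuer-directory"  # media type named in the thread

def media_type(header):
    """Media type only, lower-cased; parameters such as charset are ignored (assumption)."""
    return (header or "").split(";", 1)[0].strip().lower()

def cert_covers_host(host, san_dns_names):
    """Exact match, or '*' standing for the whole left-most label (RFC 6125 style)."""
    host = host.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else None
    for name in (n.lower().rstrip(".") for n in san_dns_names):
        if name == host or (name.startswith("*.") and name[2:] == parent):
            return True
    return False

def preflight(url, san_dns_names, content_type):
    """Problems found for one observed response; an empty list means both checks pass."""
    host = urlsplit(url).hostname or ""
    problems = []
    if not cert_covers_host(host, san_dns_names):
        problems.append(f"certificate names {san_dns_names} do not cover {host}")
    if media_type(content_type) != REQUIRED_TYPE:
        problems.append(f"Content-Type {content_type!r} is not {REQUIRED_TYPE}")
    return problems

def observe(url, timeout=10):
    """Live fetch (needs network): returns (SAN DNS names, Content-Type header).
    The chain is still validated; only the hostname check is deferred to
    cert_covers_host so a mismatching certificate can be reported, not just rejected."""
    parts = urlsplit(url)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443,
                                       timeout=timeout, context=ctx)
    try:
        conn.request("GET", parts.path or "/")
        san = conn.sock.getpeercert().get("subjectAltName", ())
        ctype = conn.getresponse().getheader("Content-Type", "")
        return [v for k, v in san if k == "DNS"], ctype
    finally:
        conn.close()

# Constructed sample observations, modelled on the failures described in the thread.
URL = "https://pst-issuer.clearsale.com.br/.well-known/private-state-token/key-commitment"
BEFORE = preflight(URL, ["*.azureedge.net"], "application/json")
AFTER = preflight(URL, ["pst-issuer.clearsale.com.br"], REQUIRED_TYPE)
```

Against a live endpoint, `preflight(url, *observe(url))` runs the same two checks on what the server actually presents.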