On Sat, Sep 19, 2015 at 7:20 AM, Gervase Markham <[email protected]> wrote:

> Symantec just fired people for mis-issuing a google.com 1-day pre-cert:
>

By the way, Symantec didn't say "pre-cert," they said "certificates".

Also, I think we shouldn't be splitting hairs at the difference between
pre-certificates and certificates as far as mis-issuance detection is
concerned. If people think there is a meaningful (technical, legal, etc.)
distinction between a pre-certificate being logged via CT and the
corresponding certificate being logged in CT, then we should consider
removing the pre-certificate mechanism from CT so that there are no doubts
about that. My view is that there is no meaningful difference.

Cheers,
Brian
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
