On Sat, Sep 19, 2015 at 2:12 PM, Brian Smith <[email protected]> wrote:
> On Sat, Sep 19, 2015 at 7:20 AM, Gervase Markham <[email protected]> wrote: > > > Symantec just fired people for mis-issuing a google.com 1-day pre-cert: > > > > By the way, Symantec didn't say "pre-cert," they said "certificates". > Well, a "pre-cert" is just a certificate with the poison extension in it. --Richard > > Also, I we shouldn't be splitting hairs at the difference between > pre-certificates and certificates as far as mis-issuance detection is > concerned. If people think there is a meaningful (technical, legal, etc.) > distinction between a pre-certificate being logged via CT and the > corresponding certificate being logged in CT, then we should consider > removing the pre-certificate mechanism from CT so that there's no doubts in > that. My view is that there is no meaningful difference. > > Cheers, > Brian > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
