Yes, we are working on fixing this issue with our CA system. Regards,
An Yin CA Product Manager -----邮件原件----- 发件人: [email protected] [mailto:[email protected]] 代表 Gervase Markham 发送时间: 2015年3月24日 17:09 收件人: Kurt Roeckx; [email protected] 主题: Re: Consequences of mis-issuance under CNNIC On 24/03/15 09:03, Kurt Roeckx wrote: > So it's my understanding that they were only supposed to issue > certificates for their own domain(s). Why wasn't this enforced by > using a name constraint? The implied answer to this question from statements by the CNNIC representative is that their system was not set up to issue certificates with name constraints, and this is something they are now urgently looking at fixing. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
