On 14/10/15 01:15, Charles Reiss wrote: <snip> > As of this writing, there appears to be a functional server at that > www.icns.com.au which presents that (expired and revoked) cert and to which > openssl s_client can successfully connect. > > Is this entry an error?
Thank you for doing this investigation. That's a good question; this cert does not look like the other test certs. I will ask Symantec. > In Symantec's initial incident report, they indicated 'the private keys > associated with the test certificates were all destroyed as part of the > testing > tool that was used to enroll for the test certificates'. Are they still making > this claim for the test certificates found subsequently? Another good question I will pass on :-) Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
