On 29/10/15 13:17, Kurt Roeckx wrote:
> I know this is directly copied from their blog about this, but I wonder
> what it means for a certificate to support CT. Is the requirement
> really that all certificates need to be published in CT?

That's a good question. I suspect they mean "be published in CT"; however, we could be more clear about what we mean when/if we publish our own requirements.

> - Are all certificates really found now and revoked? As above, the
> current state is unclear.

Presumably when Symantec issue a final "final report" then that will be the sign that, to the best of their knowledge, they believe this to be true.

> - Why are those test certificates signed by a real CA and not a test CA?

Presumably because they want to test them in realistic scenarios with standard root stores. That's not to say that they shouldn't have done this in some cases.

> It still conflicts with itself, it first says that there were 3
> certificates that shouldn't have been issued while the next paragraph
> talks that there were 23. And then you have to go to the addendum to
> see yet different numbers.

I'm sure Rick will make sure that the final final report gets, at minimum, a copyediting pass :-)

Gerv
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

