Le dimanche 31 janvier 2016 18:47:53 UTC+1, Peter Bowen a écrit : > Sub-CA under SHECA (which has applied to be in the Mozilla program) > https://crt.sh/?id=12367776&opt=cablint
One CRL per issued certificate, and the CRL isn't correctly limited in its scope, allowing for a CRL substitution attack to unrevoke a certificate. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
