On Sun, Feb 28, 2016 at 10:40:36PM -0800, [email protected] wrote: > Am Sonntag, 28. Februar 2016 00:31:48 UTC+1 schrieb Matt Palmer: > > On Fri, Feb 26, 2016 at 06:22:22AM -0800, Christoph Klein wrote: > > > To prevent future problems with values in the certficate fields, we have > > > implemented another layer of cross checks after the issuing of the > > > certificate. > > > > Shouldn't you be doing the checking *before* you issue the certificate? It > > seems wasteful and risky to issue the certificate and only then make sure it > > should have been issued before sending it to the customer. > > I believe this is just a misunderstanding/confusion here as to the term > "issue". Because if you look at the sentence after your quote it cleary > comes out that this check is performed *before* sending the certificate to > the customer. So it seems by "issue" "creation" is meant, not the sending > to the customer. But I am sure Mr Klein will clarify this.
Certificate issuance happens when the certificate is created, not when it's sent to the customer. - Matt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
