> On Jun 30, 2016, at 15:44, Christiaan Ottow <[email protected]> wrote: > > The certificates we had issuedto us as proof of concept (only for our own > domains), were not revoked and we don't see them in the CT logs. However, we > informed StartCom that we had only issued certificates for domains under our > control, so I can imagine no red flags were raised by their helpdesk.
The lack of CT logging is interesting, as StartCom claims that all certificates they issue are being logged to at least three CT servers: https://www.startssl.com/NewsDetails?date=20160323 Do you mind uploading the certificate files that were obtained somewhere and linking us to them? Thanks, Jonathan _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
