On Thu, Jun 30, 2016 at 11:10:45AM -0500, Peter Kurrasch wrote: > Very interesting. This is exactly the sort of thing I'm concerned about > with respect to Let's Encrypt and ACME.
Why? StartCom isn't the first CA to have had quite glaring holes in its automated DCV interface and code, and I'm sure it won't be the last. What is so special about Let's Encrypt and ACME that you feel the need to constantly refer to it as though it's some sort of new and special threat to the PKI ecosystem? - Matt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
