On 06/30/2016 06:30 PM, Rob Stradling wrote:
> https://www.computest.nl/blog/startencrypt-considered-harmful-today/
> Eddy, is this report correct? Are you planning to post a public
> incident report?
Hi Rob and all,
There were indeed a couple of issues with the client software - known
bugs have been fixed by our developers (hope there won't be anything more
significant than that :-) ).
So far less than three hundred certificates have been issued using this
method, none should have been effectively issued wrongfully due to our
backend checks.
At the moment I don't believe that a public incident report is
necessary, but should anything change in our current assessment we will
obviously act accordingly. I instructed additional verifications and
confirmations to assert that assessment.
--
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: [email protected] <xmpp:[email protected]>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy