On Thursday, September 1, 2016 at 6:35:54 PM UTC-7, Richard Wang wrote: > I said " Yes, we are improved", you can see from the timeline that from June > 2015 to July 2016, over one-year period that we don't have any incident, this > means we fixed system bug in time and do more validation and check, we > blocked many illegal order for famous domains.
Mere minutes before you posted this message, you acknowledged in https://groups.google.com/d/msg/mozilla.dev.security.policy/Q3zjv95VhXI/p40n2Zv6DAAJ that this certificate was misissued: https://crt.sh/?id=29884704 If we trust your dates are correct with notBefore, then this was issued June 23, 2016. Clearly, this shows an issue, the fullness of which, I'll reply on that thread. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
