On Sun, Sep 04, 2016 at 09:49:25AM +0000, Richard Wang wrote: > Hi all, > > We finished the investigation and released the incidents report today: > https://www.wosign.com/report/wosign_incidents_report_09042016.pdf
In section 2.2 you explain that there is a mail at 9:01 and 9:38, where I think the one from 9:38 asks for the revocation of the certificates by e-mail. Is there a procedure in place that those e-mails get acted upon? Why is this done via e-mail and not some some other system that can make sure it's being followed up? Kurt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
