On Wednesday, November 2, 2016 at 5:22:30 PM UTC+2, Gervase Markham wrote: > Hi Daniel, > > On 02/11/16 14:11, Itzhak Daniel wrote: > As far as the DigiCert certs go, it is far too early to have an opinion > on what Mozilla is or isn't doing.
I have to agree, the time span is too short (at least they didn't backdate). > I'm not sure what you mean by "ignoring Mozilla Security Community". I > am happy with the level of communication by Comodo about their incident. AFAIK they didn't include the TLD '.re' in their incident report [1] (the certificate was probably issued on Jun 30th, 2014; Google CT 1st seen timestamp: 2014-07-02 14:54:54 GMT [2]), they had the same mistake before the 'sb' incident, but did/do not acknowledge it officially [3]. Links, 1. https://www.mail-archive.com/[email protected]/msg04274.html 2. https://crt.sh/?id=4467456 3. https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/LQSrnPv2qOo _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
