On 18/10/16 19:15, Rob Stradling wrote: > Hi Hanno. The questions that you and others have posted are entirely > reasonable. Sorry for the delay. Robin intends to post a reply this week.
It seems like this reply has not yet appeared? I would like to make sure my initial question about "Where does Comodo's documentation of this methodological equivalence reside? etc." is answered. And also, how does: "Today we performed an exhaustive search of all the server authentication certificates we've issued since November 1 2015, and as a result we found just one further certificate [6] in which we'd included a public suffix (rivne.ua) due to this bug." fit with: https://crt.sh/?id=4467456 ? Why did you stop searching at Nov 1st 2015? It seems like the bug has been present for longer... Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
