On Tue, Nov 8, 2016 at 11:05 AM, Gervase Markham <[email protected]> wrote:
> On 08/11/16 18:25, Peter Bowen wrote:
>> No, the problem is that the Issuer reported their subCA but Salesforce
>> links the audit info to certificates not to CAs.  In the above
>> example, there are three different CA certificates with the same
>> issuer and subject, so the same (sub)CA is in both a "disclosed" and
>> "not disclosed" state.
>
> Is it possible to fix the display by uploading the other two versions of
> the cert and duplicating the audit info?

Yes, that is how one fixes it.  But I'm worried that CAs may think
they properly followed the requirement and then find themselves
penalized.  Hence my suggestion to focus on CAs that clearly have not
even attempted to follow the requirement.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
