On Wednesday, November 9, 2016 at 4:16:56 AM UTC-8, Rob Stradling wrote: > To have reached the incorrect conclusion that they'd "properly followed > the requirement", a CA would've presumably either... > 1. Looked at https://crt.sh/mozilla-disclosures#undisclosed, noticed > that one or more of their intermediates was marked as "Disclosure is > required!", but decided to ignore it.
Or thought it was incorrect. For example, there were some self-signed root certs that were marked as disclosure is required. Those have been added as intermediate certs for now... Or got errors when trying to upload the certs to Salesforce. I still have several of these in my inbox to work through. Please note that the RSA root certificate is schedule for removal in the December batch of root changes via https://bugzilla.mozilla.org/show_bug.cgi?id=1283326 So I'm ignoring these: RSA the Security Division of EMC 18 Cheers, Kathleen _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
