Work continues. After the initial good news, to my surprise the second million or so certificates processed threw up some deviations from major public CAs
Comodo https://crt.sh/?id=1246507 https://crt.sh/?id=1825806 Verisign / Symantec https://crt.sh/?id=1450883 I would appreciate feedback, generally from m.d.s.policy participants about whether they believe that for some reason these certificates did not need to be revoked to achieve compliance with 7.1.4.2.1 and specifically from Comodo and Symantec on why the certificates weren't in fact revoked. I would also be interested in learning whether auditors would be expected to identify and report this deviation. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
