On Monday, 9 January 2017 14:05:25 UTC, Robin Alden wrote: > Nick, > Thanks for the heads-up. > We agree that the certificates you found should have been revoked.
Thank you Robin for investigating this, for your explanation of what happened and for the sensible response of CT logging and revoking the affected certificates. Please pass on my thanks to any additional people at Comodo who made that happen. It would also be good to know (if you have relevant insight) whether you would expect your auditors to a) Notice and report if Comodo had not even tried to comply with this element of 7.1.4.2.1 OR b) Notice and report the type of mistake made here, in which a process was followed to attempt compliance but it missed a proportion of affected certificates. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
