Our response to questions up to January 27, 2017 has been posted as an attachment to bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334377.
The direct attachment link is: https://bugzilla.mozilla.org/attachment.cgi?id=8831933. The bug report contains additional documentation supporting our response.

Kind regards,
Steven Medin
PKI Policy Manager, Symantec Corporation

From: Ryan Sleevi [mailto:r...@sleevi.com]
Sent: Monday, January 30, 2017 12:36 PM
To: Ryan Sleevi <r...@sleevi.com>
Cc: Steve Medin <steve_me...@symantec.com>; Andrew Ayer <a...@andrewayer.name>; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Misissued/Suspicious Symantec Certificates

Steve,

As captured in our private mail exchange last week, Symantec's report fails to meaningfully address each or any of the questions I raised. Google considers it of utmost urgency that Symantec share the answers to these questions, posed a week ago, and based on Symantec's multiple public statements regarding the previous misissuance.

Please confirm your receipt of these questions and your intent to provide an answer to the community by end of day, so that we can consider Symantec's answers when considering appropriate next steps to protect our users. In the absence of timely information from a CA following a misissuance, it's both necessary and reasonable to consider the worst as plausible.

For your reference, https://groups.google.com/d/msg/mozilla.dev.security.policy/fyJ3EK2YOP8/chC7tXDgCQAJ
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy