Glad you also answered the key question I posted some time ago (the last one in the PDF).
According to your answer it appears that the majority of problematic certificates were, to the WebPKI relying parties, correct and valid certificates that simply had the legal names of the certificate holders safely replaced by the non-confusing (in several languages) word "test". Such certificates, while they may technically violate one or more CP/CPS/BR rules, are not really dangerous, as they provide the information of a DV certificate with the stronger vetting of an OV certificate. However the incident seems to have revealed deeper and more serious issues such as bad vetting and failure to retain vetting records. On 31/01/2017 04:51, Steve Medin wrote:
Our response to questions up to January 27, 2017 has been posted as an attachment to bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334377. The direct attachment link is: https://bugzilla.mozilla.org/attachment.cgi?id=8831933. The bug report contains additional documentation supporting our response. Kind regards, Steven Medin PKI Policy Manager, Symantec Corporation
Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy