Glad you also answered the key question I posted some time ago (the
last one in the PDF).

According to your answer it appears that the majority of problematic
certificates were, to the WebPKI relying parties, correct and valid
certificates that simply had the legal names of the certificate holders
safely replaced by the non-confusing (in several languages) word "test".

Such certificates, while they may technically violate one or more
CP/CPS/BR rules, are not really dangerous, as they provide the
information of a DV certificate with the stronger vetting of an OV
certificate.

However, the incident seems to have revealed deeper and more serious
issues such as bad vetting and failure to retain vetting records.

On 31/01/2017 04:51, Steve Medin wrote:
Our response to questions up to January 27, 2017 has been posted as an
attachment to bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334377.

The direct attachment link is:
https://bugzilla.mozilla.org/attachment.cgi?id=8831933.

The bug report contains additional documentation supporting our response.

Kind regards,

Steven Medin
PKI Policy Manager, Symantec Corporation

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
