Hi Steve,

I have a few questions:

1. What criteria is Symantec using to determine if a certificate has a
"deficiency" that warrants re-validation?

2. How will Symantec assess whether the domain(s) in a certificate were
correctly validated?

3. Is any of the information gathered by processing agents used for
domain validation?

Regards,
Andrew


On Sun, 12 Feb 2017 15:27:42 +0000
Steve Medin via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:

> A response is now available in Bugzilla 1334377 and directly at:
> https://bugzilla.mozilla.org/attachment.cgi?id=8836487
> 
> 
> > -----Original Message-----
> > From: Gervase Markham [mailto:g...@mozilla.org]
> > Sent: Thursday, February 09, 2017 4:56 AM
> > To: Steve Medin <steve_me...@symantec.com>; mozilla-dev-security-
> > pol...@lists.mozilla.org
> > Cc: r...@sleevi.com
> > Subject: Re: Misissued/Suspicious Symantec Certificates
> >
> > On 09/02/17 03:07, Ryan Sleevi wrote:
> > > We appreciate your attention to these questions and will
> > > thoughtfully consider a response to these questions if received
> > > no later than 2017-02-13
> > > 00:00:00 UTC.
> >
> > Mozilla also requests answers to these excellent questions under
> > the same terms and, for the avoidance of doubt, interprets the
> > above as the point in time between Sun 2017-02-12 and Mon
> > 2017-02-13, rather than the point in time between Mon 2017-02-13
> > and Tue 2017-02-14.
> >
> > Gerv
> 
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
> 
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to