Hi Steve, I have a few questions:
1. What criteria is Symantec using to determine if a certificate has a "deficiency" that warrants re-validation? 2. How will Symantec assess whether the domain(s) in a certificate were correctly validated? 3. Is any of the information gathered by processing agents used for domain validation? Regards, Andrew On Sun, 12 Feb 2017 15:27:42 +0000 Steve Medin via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > A response is now available in Bugzilla 1334377 and directly at: > https://bugzilla.mozilla.org/attachment.cgi?id=8836487 > > > > -----Original Message----- > > From: Gervase Markham [mailto:g...@mozilla.org] > > Sent: Thursday, February 09, 2017 4:56 AM > > To: Steve Medin <steve_me...@symantec.com>; mozilla-dev-security- > > pol...@lists.mozilla.org > > Cc: r...@sleevi.com > > Subject: Re: Misissued/Suspicious Symantec Certificates > > > > On 09/02/17 03:07, Ryan Sleevi wrote: > > > We appreciate your attention to these questions and will > > > thoughtfully consider a response to these questions if received > > > no later than 2017-02-13 > > > 00:00:00 UTC. > > > > Mozilla also requests answers to these excellent questions under > > the same terms and, for the avoidance of doubt, interprets the > > above as the point in time between Sun 2017-02-12 and Mon > > 2017-02-13, rather than the point in time between Mon 2017-02-13 > > and Tue 2017-02-14. > > > > Gerv > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy