Issue N: Premature Manual Signing Using SHA-1 (July 2016)

This matter represents the first time any CA attempted to follow the exception 
process which was developed over the course of weeks, beginning at the Bilbao 
CABF face-to-face meeting in May 2016, and with the input of our partners. 
Google initially proposed this exception process, which was later modified 
following input from other CABF members. Our internal process did not clearly 
specify to our PKI Operations team to stop at the point of TBS creation, which 
subsequently resulted in the creation of signed certificates instead of TBS 
Certificates. Importantly, our audit process promptly identified the error, and 
Symantec never released the certificates. We also promptly improved our 
internal process.
dev-security-policy mailing list
  • Symantec Response N Steve Medin via dev-security-policy

Reply via email to