On 18/04/17 17:22, Ryan Sleevi wrote: > On Tue, Apr 18, 2017 at 12:09 PM, Jeremy Rowley via dev-security-policy < > [email protected]> wrote: >> code signing certificates into a pseudo- SSL profile. Because they were >> intended to be code signing certificates, the certificates issued off a >> code-signing intermediate (with code-signing as the sole EKU).
If this is true, I am not particularly concerned. So as Ryan notes, a demonstration of this fact would satisfy me that this was not a serious incident. Thank you for reporting it so promptly. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
