On 26/04/17 21:21, Rob Stradling via dev-security-policy wrote: <snip>
(Note: A few of the non-Symantec entries currently listed by https://crt.sh/mozilla-disclosures#undisclosed are false positives, I think. It looks like Kathleen has marked some roots as "Removed" on CCADB ahead of the corresponding certdata.txt update on mozilla-central).
Ah, I take that back. The March certdata.txt update did hit mozilla-central on 11th April, but I missed an alert. I've just pushed that update to crt.sh.
https://crt.sh/mozilla-disclosures#undisclosed is currently free of false positives. It shows that DigiCert, StartCom and Symantec are currently out-of-compliance with Mozilla's disclosure requirement.
-- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ dev-security-policy mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-security-policy