On 26/04/17 21:21, Rob Stradling via dev-security-policy wrote:
(Note: A few of the non-Symantec entries currently listed by
https://crt.sh/mozilla-disclosures#undisclosed are false positives, I
think.  It looks like Kathleen has marked some roots as "Removed" on
CCADB ahead of the corresponding certdata.txt update on mozilla-central).

Ah, I take that back. The March certdata.txt update did hit mozilla-central on 11th April, but I missed an alert. I've just pushed that update to crt.sh.

https://crt.sh/mozilla-disclosures#undisclosed is currently free of false positives. It shows that DigiCert, StartCom and Symantec are currently out-of-compliance with Mozilla's disclosure requirement.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

dev-security-policy mailing list

Reply via email to