Happy Monday! Another week, another set of intermediate certs that have shown up in CT without having been properly disclosed: https://crt.sh/mozilla-disclosures#undisclosed
There are four intermediates here, and with exception of the StartCom one, they were all issued more than a year ago. As I've expressed before, I find it baffling that this still happens. To approach this more productively, I'd be very appreciative if someone from a CA could describe how they approach disclosing intermediates, where it fits into their process, how they track progress, etc. Cheers, Alex _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
