I've been attempting to report a bunch of miss-issued certificates this weekend (hobbies are important!) I've primarily been using https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00028 as my reference (without which I would be totally lost!)
So far I've encountered issues with: - DocuSign (OpenTrust/Keynectis) - who neglected to fill out that field - StartCom - who filled out "web publication", I don't know what that means To all the CAs who included a straightforward email or webform in there, thank you! Alex On Mon, Jul 31, 2017 at 10:10 AM, Gervase Markham via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 25/07/17 18:13, Jeremy Rowley wrote: > > I would also love to see a more standardized notice mechanism that is > > universal to all CAs. Right now, notifying CAs is a pain as some have > > different webforms, some use email, and some don't readily tell you how > to > > contact them about certificate problems. > > "Not readily telling" is a BR violation; if you come across a CA like > that, please do let us know. The info should be in the CCADB and in the > CAs report. > > I agree it would be nice to have something more standard, but we have > what we have right now. > > Gerv > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
