All, I have conflicting opinions about this situation:
On the one hand, I want to see better behavior, and am inclinded to add these two intermediate certs to OneCRL, and tell StartCom and Certinomis to start over and do things right. On the other hand, I'm not convinced yet that the issued non-BR-compliant certs are any worse than we've seen from other CAs for whom we tell them to fix the problem but do not add their relevant intermediate certs to OneCRL. Kathleen _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy