On Thu, Aug 03, 2017 at 11:20:19AM +0000, Inigo Barreira via dev-security-policy wrote: > We´re revoking all those unrevoked certs to avoid any more problems.
Revoking problematic certificates doesn't avoid any problems. The problems have already been created. > Regarding the pre-certs, yes, I was aware of the discussion. As Gerv says > there´s a binding statement of "intent" ... the problem with these is that > we generated the pre-certs and logged in the CT log, where crt.sh looks or > monitor, but those weren´t finally issued, so there are not such certs. I don't understand how failing to issue a certificate corresponding to a logged pre-certificate constitutes a "problem". You logged the pre-cert. It was broken. There's the problem. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy