Hi all, Following up on this thread, 8 days ago I emailed Camerfirma, I have not heard back from them, nor have they taken any action. What is the appropriate next step here?
Alex On Mon, Jul 31, 2017 at 10:14 AM, Alex Gaynor <[email protected]> wrote: > I've been attempting to report a bunch of miss-issued certificates this > weekend (hobbies are important!) I've primarily been using > https://ccadb-public.secure.force.com/mozillacommunications/ > CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId= > Q00028 as my reference (without which I would be totally lost!) > > So far I've encountered issues with: > > - DocuSign (OpenTrust/Keynectis) - who neglected to fill out that field > - StartCom - who filled out "web publication", I don't know what that means > > To all the CAs who included a straightforward email or webform in there, > thank you! > > Alex > > On Mon, Jul 31, 2017 at 10:10 AM, Gervase Markham via dev-security-policy > <[email protected]> wrote: > >> On 25/07/17 18:13, Jeremy Rowley wrote: >> > I would also love to see a more standardized notice mechanism that is >> > universal to all CAs. Right now, notifying CAs is a pain as some have >> > different webforms, some use email, and some don't readily tell you how >> to >> > contact them about certificate problems. >> >> "Not readily telling" is a BR violation; if you come across a CA like >> that, please do let us know. The info should be in the CCADB and in the >> CAs report. >> >> I agree it would be nice to have something more standard, but we have >> what we have right now. >> >> Gerv >> _______________________________________________ >> dev-security-policy mailing list >> [email protected] >> https://lists.mozilla.org/listinfo/dev-security-policy >> > > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
