Following up on this thread, 8 days ago I emailed Camerfirma, I have not
heard back from them, nor have they taken any action. What is the
appropriate next step here?
On Mon, Jul 31, 2017 at 10:14 AM, Alex Gaynor <agay...@mozilla.com> wrote:
> I've been attempting to report a bunch of miss-issued certificates this
> weekend (hobbies are important!) I've primarily been using
> Q00028 as my reference (without which I would be totally lost!)
> So far I've encountered issues with:
> - DocuSign (OpenTrust/Keynectis) - who neglected to fill out that field
> - StartCom - who filled out "web publication", I don't know what that means
> To all the CAs who included a straightforward email or webform in there,
> thank you!
> On Mon, Jul 31, 2017 at 10:10 AM, Gervase Markham via dev-security-policy
> <email@example.com> wrote:
>> On 25/07/17 18:13, Jeremy Rowley wrote:
>> > I would also love to see a more standardized notice mechanism that is
>> > universal to all CAs. Right now, notifying CAs is a pain as some have
>> > different webforms, some use email, and some don't readily tell you how
>> > contact them about certificate problems.
>> "Not readily telling" is a BR violation; if you come across a CA like
>> that, please do let us know. The info should be in the CCADB and in the
>> CAs report.
>> I agree it would be nice to have something more standard, but we have
>> what we have right now.
>> dev-security-policy mailing list
dev-security-policy mailing list