Do you want that added as a new bug for all the issues listed?  

-----Original Message-----
From: dev-security-policy
.org] On Behalf Of Gervase Markham via dev-security-policy
Sent: Tuesday, August 8, 2017 10:02 AM
Subject: High traffic on this list, and Mozilla root program involvement

Hi everyone,

Wow, traffic on this group has exploded :-) Thank you to everyone who has
been bringing incidents to our attention.

Clearly, many of these items need official responses and action from
representatives of the Mozilla root program. I have been on holiday quite a
lot recently, and that includes this week, and any time I have had has been
fighting fires relating to my other responsibilities and requirements placed
on me. But please rest assured, all this has not been forgotten.

In the mean time, I would hope CAs would be picking up incidents relating to
themselves, doing investigations and publishing best-practice-style incident
reports here once those investigations were concluded. I probably need to
write a wiki page on this, but in brief best practice involves much more
than "we revoked the certificates concerned", it needs to say "this is how
this happened", and "this is what we've done/are doing to make sure it won't
happen again".

dev-security-policy mailing list

Attachment: smime.p7s
Description: S/MIME cryptographic signature

dev-security-policy mailing list

Reply via email to