On Thursday, 10 August 2017 16:55:22 UTC+1, iden...@gmail.com wrote:
> certificates contain the issue. Three (3) of these are real certificates;
> however, one has expired. We have revoked the other two certificates. The
> remaining two (2) are pre-certificates.
To clear this up for anybody who didn't go look: They're specifically
pre-certificates _for_ the other two certificates, so there is nothing further
here that could be revoked.
And as Ryan writes, what we'd want to see here in m.d.s.policy isn't
revocations (though those are required by the BRs anyway so we do expect them)
but an investigation of what went wrong and a summary of what was done to
ensure we won't be back here reading about the same problems at the same CAs.
Like an Accident Investigator my focus is not on "punishing the guilty" but on
the Prevention of Future Harm. We can't undo the fact that a certificate was
mis-issued, but we can try to reduce the number of future mis-issuances by
learning from past mistakes and putting in place technologies, policies and
practices that avoid mis-issuance in the future.
dev-security-policy mailing list