On Thursday, 10 August 2017 16:55:22 UTC+1, iden...@gmail.com  wrote:
> certificates contain the issue.  Three (3) of these are real certificates;
> however, one has expired. We have revoked the other two certificates. The
> remaining two (2) are pre-certificates.

To clear this up for anybody who didn't go look: They're specifically 
pre-certificates _for_ the other two certificates, so there is nothing further 
here that could be revoked.

And as Ryan writes, what we'd want to see here in m.d.s.policy isn't 
revocations (though those are required by the BRs anyway so we do expect them) 
but an investigation of what went wrong and a summary of what was done to 
ensure we won't be back here reading about the same problems at the same CAs.

Like an Accident Investigator, my focus is not on "punishing the guilty" but on 
the Prevention of Future Harm. We can't undo the fact that a certificate was 
mis-issued, but we can try to reduce the number of future mis-issuances by 
learning from past mistakes and putting in place technologies, policies and 
practices that avoid mis-issuance in the future.
dev-security-policy mailing list
