I've started a wiki page giving Mozilla expectations and best practices for CAs responding to a misissuance report. (No idea why I decided to write that now...)
https://wiki.mozilla.org/CA/Responding_To_A_Misissuance Comments on whether the content is correct, and what might be missing, are most welcome. The idea might be for us (or anyone else, for that matter) to send a link to this document to CAs along with any misissuance reports. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy