> Those tests were done to check the CT behaviour, there was any other testing > of the new systems, just for the CT. Those certs were under control all the > time and were lived for some minutes because were revoked inmediately after > checking the certs were logged correctly in the CTs. It´s not a mis-issuance > by means of we didn´t know what happened, we had to investigate, etc. It was > not a good practice and I can´t excuse for that, but it was not related to > the regular issuance procedure as someone suggested. We provided a report in > which indicated all that happened and what we did to not happen this again, > updating the EJBCA roles permissions.
1) Why didn't StartCom build a test hierarchy? 2) Why didn't StartCom use the TestTube CT log for testing CT? _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
