On 28 February 2018 at 11:37, Jeremy Rowley via dev-security-policy <[email protected]> wrote: > What kind of transparency would the Mozilla community like around this > issue? There aren't many more facts than I shared above, but there is a lot > of speculation. Let me know what I can share to help alleviate confusion and > answer questions.
Have you contacted the customers whose certificates you have not revoked; but which were in the original batch? It seems likely they're going to wind up revoked too. Is there any way to identify these certificates through crt.sh or through a manual cert search? (Some special Intermediate/CRL/OID/string...?) Has Trustico said anything about whether or not they will provide more information in the future? -tom _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
