El jueves, 2 de agosto de 2018, 15:50:44 (UTC+2), Kurt Roeckx escribió: > On Thu, Aug 02, 2018 at 06:19:42AM -0700, Juan Angel Martin via > dev-security-policy wrote: > > > > 6) Explanation about how and why the mistakes were made or bugs introduced, > > and how they avoided detection until now. > > > > The procedure established to publish the CAs into CCADB wasn't correct > > cause it didn’t foresee the contingency of the person in charge of > > disclosing CA’s certificates into CCADB and the person acting as a backup > > weren’t available. > > This looks like a process issue to me, and adding a 3rd person > won't fix that. The certificate should not having been used until > someone confirmed that it was done. > > > Kurt
Hello, We've modified our procedure to not deliver the intermediate CA certificate until it's disclosed in the CCADB. Thanks a lot. Juan Angel _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
