On Tue, Oct 16, 2018 at 02:18:39PM -0700, identrust--- via dev-security-policy wrote: > 5.Explanation about how and why the mistakes were made, and not caught and > fixed earlier. > > IdenTrust: The certificate was generated for a server within IdenTrust. > The certificate contained internal domain names which were not reachable > externally. Two domain names in the SAN (Autodiscover.identrus.int and > Mercury.identrus.int) were included at that time. When the certificate > was generated, these domains were internally hosted domains.
This doesn't explain why the mistakes were made, nor does it explain why they were not caught and fixed earlier. > 6. List of steps your CA is taking to resolve the situation and ensure > such issuance will not be repeated in the future, accompanied with a > timeline of when your CA expects to accomplish these things. > > IdenTrust: Post 02/22/2018, IdenTrust implemented a change in the > certificate approval processes that will prevent the domain names with the > .int TLD from being approved. What about other non-existent TLDs? - Matt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
