Am Montag, 26. November 2018 18:34:38 UTC+1 schrieb Jakob Bohm: > In addition to this, would you add the following: > > - Daily checks of crt.sh (or some other existing tool) if > additional such certificates are erroneously issued before > the automated countermeasures are in place?
Thank you, Jakob. This is what we intended to do. We are monitoring crt.sh at least twice daily every day from now on. As to your other point, we do restrict the serial number element and the error occurred precisely in defining the constraints for this field. As mentioned above, we plan to make adjustments to our systems to prevent this kind of error in future. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
