On 04.12.2018 10:01, Kurt Roeckx via dev-security-policy wrote:
On 2018-12-04 7:24, Wojciech Trapczyński wrote:Question 1: Was there a period during which this issuing CA had no validly signed non-expired CRL due to this incident?Between 10.11.2018 01:05 (UTC±00:00) and 14.11.2018 07:35 (UTC±00:00) we were serving one CRL with corrupted signature.Do you have any plans to prevent serving CRLs with an invalid signature and keep the old CRL in place until you have a valid one?
This one CRL with corrupted signature was serving between dates I mentioned. Starting from November 14th 07:35 (UTC±00:00) we are serving CRL with a valid signature. I have described it in the Bugzilla bug (https://bugzilla.mozilla.org/show_bug.cgi?id=1511459#c2).
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
