On Thu, 18 Jul 2019 11:40:31 -0700 Wayne Thayer via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> Andrew Ayer filed two bugs yesterday [1] [2] that might be worthy of
> a bit of discussion.

There's a third bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1567062

Like the GoDaddy case, the intermediate supposedly having the same CP/CPS/audits as parent is not listed in the parent's audit report, so this too looks like an incorrect disclosure.

Regarding Sectigo and Web.com, although their CPSes use extremely similar language, they are not consistent, since they list different CAA domains.

Regards,
Andrew