In the last days Let's Encrypt continued to issue certificates to a fraudulent website. The certificates of concern can be seen here: https://crt.sh/?Identity=entry.credit-suisse.services
The problem report was answered by Let's Encrpyt with an answer indicating that they will continue to issue and hence are not following BRG 4.2.1. requiring them to have procedures in place for such High Risk Certificate Requests. So the question now is what the community intends to do to retain trust in a certificate issuer with such an obvious malpractise enabling phishing sites? - Nathalie _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy