On Mon, 24 Oct 2022 06:07:53 +0000 "Lahtiharju, Pekka" <[email protected]> wrote:
> Telia was testing new Badkeys/Lint implementation and we wanted to do > also one test without Badkeys/Lint with vulnerable key to see if > anything else would prevent such key. According to our information CT > log "Dodo" that was used is non-production CT log and could be used > for such tests with non-trusted TLS certificates (Mammoth and Sabre > are Sectigo's production CT logs). I hope this kind of testing is OK? > Or should we keep such test certificates internal only without any CT > publishing? Ok, I wasn't aware up until now that crt.sh has data from pure test logs. It seems okay from me. Though maybe crt.sh would want to indicate this prominently to avoid confusion? -- Hanno Böck https://hboeck.de/ -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20221024093706.71bd06c7%40computer.
