RE: GoDaddy verification issue history appears incomplete: possible regression of bug in 2010

2017-01-16 Thread Wayne Thayer
Back in 2010 all of our testing was manual. We've been investing in automated testing over the last three years. Now we are focusing that effort on the new Ballot 169 methods with a heightened awareness of false positives like this one, and detection of potential vulnerabilities.

Re: Policy 2.4 Proposal: Define how quickly audit reports must be provided

2017-01-16 Thread Gervase Markham
On 13/01/17 02:00, Ryan Sleevi wrote:
> Suggestion: "List of CA policy documents _and versions_"
Yes, good idea.
Gerv

Re: Policy 2.4 Proposal: Update required version number of Baseline Requirements to 1.3.7

2017-01-16 Thread Gervase Markham
On 13/01/17 01:56, Ryan Sleevi wrote:
> Notably, 1.3.7 also has IP encumbrances - and uncertainty - the same
> as 1.4.1, so presumably, Mozilla is OK with having encumbered methods
> included. Considering some of these exclusions have existed since the
> BR's adoption, that doesn't seem an

Re: GoDaddy verification issue history appears incomplete: possible regression of bug in 2010

2017-01-16 Thread Gervase Markham
On 13/01/17 17:10, Fred Emmott wrote:
> In January 2010, I reported two issues to GoDaddy, with an example
> certificate that should have been rejected: - their website-based
> authentication required a request to a URL including a random string
> to include the same random string. Reading