Re: Misissued/Suspicious Symantec Certificates

As a side note to the main topic, I find it curious and a little disconcerting that the referred link to the E assessement of CrossCert, (outlined in Point 2 of "Additional Follow-ups") found on the document linked by Steve (here : https://bug1334377.bmoattachments.org/attachment.cgi?id=8831038

Re: Misissued/Suspicious Symantec Certificates

On 04/02/17 14:32, Ryan Sleevi wrote: > Gerv, as the information Steve shared about their other RAs show, their > issues with RAs are not limited to CrossCert, unfortunately. Check out the > rest of the details included. Ouch. Thank you for drawing these to my attention; I had neglected to read

Re: Misissued/Suspicious Symantec Certificates

On Sat, Feb 4, 2017 at 3:10 AM, Gervase Markham wrote: > > 4) Is there any reliable programmatic way of determining, looking only > at the contents of the certificate or certificate chain, that a > certificate was issued by CrossCert personnel using their processes, as > opposed

Re: Misissued/Suspicious Symantec Certificates

On 31/01/17 04:51, Steve Medin wrote: > Our response to questions up to January 27, 2017 has been posted as an > attachment to bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334377. Quoting that document: "Q: 4) In response to the previous incident, Symantec indicated it updated its internal