For those who aren’t following Bugzilla closely, here’s a quick update on where things are with the large batch of misissuance bugs that was filed this week.
Most CAs have provided an initial response, and many have finished their initial incident reviews and provided details. Only two CAs have not responded at all yet: - Entrust - Godaddy (note that this bug was filed a day later than the rest due to an oversight on my part) I suspect that many community members will be interested in the ongoing response and some may want to provide helpful feedback. You can see a list of all the bugs here: https://wiki.mozilla.org/CA/Incident_Dashboard#Open_CA_Compliance_Bugs If you want to get email updates on a specific bug, log into Bugzilla and press the ‘Follow’ button. If you’d like to follow all of the bugs via email, you can subscribe to the whole component by going to this link: https://bugzilla.mozilla.org/userprefs.cgi?tab=component_watch and selecting the NSS product and the “CA Certificate Mis-Issuance" component. Another recent item that is relevant is a discussion about “Metadata-only subject fields” on the CAB Forum public mailing list: https://cabforum.org/pipermail/public/2017-August/011846.html Cheers, Jonathan _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy