RE: DigiCert validation issue

[Jeremy Rowley via dev-security-policy]

Here's the link: https://bugzilla.mozilla.org/show_bug.cgi?id=1556948


-Original Message-
From: dev-security-policy  On
Behalf Of Jeremy Rowley via dev-security-policy
Sent: Wednesday, June 5, 2019 12:17 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: DigiCert validation issue

I just posted this incident report.  The summary is we had an issue where a
certain path allowed issuance of certs for example.com when only
www.example.com   was verified. This incident
happened previously with Comodo here:
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/PoMZvss_PR
o/TK8L-lK0EwAJ. At that time we checked out code, but missed a path. 



smime.p7s
Description: S/MIME cryptographic signature
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Re: DigiCert validation issue

[Julien Cristau via dev-security-policy]

For those following along at home the incident report with details is in
bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1556948

Cheers,
Julien

On Wed, Jun 5, 2019 at 8:17 AM Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> I just posted this incident report.  The summary is we had an issue where a
> certain path allowed issuance of certs for example.com when only
> www.example.com   was verified. This incident
> happened previously with Comodo here:
>
> https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/PoMZvss_PR
> o/TK8L-lK0EwAJ
> .
> At that time we checked out code, but missed a path.
>
> ___
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy