Hello,

Coming back to this message:
On Thursday, 26 March 2015 at 10:03:34 UTC+1, Anyin wrote:
> Regarding this Incident,
>
> 1, We prompt to response to Microsoft and Apple, and actively send incident
> report and CRL to Mozilla ASAP. We request MCS to take steps do more
> investigate. Quoting MCS report as following,
>
> " MCS had received the Sub-ordinate certificate from CNNIC on mentioned
> date and started the test on same day inside MCS lab which is a protected
> environment,

-----
the following SHOULD have raised a red flag:

> MCS had assured to store the private key in a FIPS compliant
> device (Firewall),

-----

> to run the test which had started with no incidents on

-----
The following was maybe unintentional but not unexpected, considering the previously raised red flag:

> Thursday, and for the sake of unintentional action the Firewall had an
> active policy to act as SSL forward proxy with an automatic generation for a
> certificates for browsed domains on the internet,

-----
[...]

> 5, The device MCS used to mis-issuance cert is PaloAlto Firewall, we may
> consult more technical details about how it works as a SSL proxy and issue
> the cert automatically.

Really, what were you expecting from a firewall? Do you really need more details on how it works?

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy