On 6/30/16 8:30 AM, Rob Stradling wrote: > https://www.computest.nl/blog/startencrypt-considered-harmful-today/ > > Eddy, is this report correct? Are you planning to post a public > incident report?
Does StartCom honor CAA? Does StartCom publish to CT logs? How many mis-issued certs were obtained by the researchers? Has there been an investigation to see if there were similarly mis-issued certs prior to this report? Have those certs been revoked? -Dan Veditz _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
