Let's be even more pointed: How do we know that *any* of the certs issued through this interface were issued to the right person for the right domain? How can StartCom make that determination?
Original Message From: Daniel Veditz Sent: Thursday, June 30, 2016 12:04 PM ... How many mis-issued certs were obtained by the researchers? Has there been an investigation to see if there were similarly mis-issued certs prior to this report? Have those certs been revoked? -Dan Veditz _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy