On 2016-08-17 00:23, Ryan Sleevi wrote:
Practically speaking, what steps could be taken?
6) Ask them to immediately stop issuing SHA-1 based certificates that chain back to any of the root certificates in the Mozilla root store, and revoke the one they shouldn't have issued. If they fail to comply distrust all their certificates.
Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
