On 02/09/16 18:00, Andrew Ayer wrote: > I don't think relying on the notBefore date is a viable option. > WoSign seems to have such a poor handle on their operations that I > think it would be inevitable that someone would find a certificate in > the wild with a notBefore date in the past that had not been > disclosed. What action would Mozilla take if that happened?
A fair question. I think one would need to have the consequences of further issues mapped out beforehand. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy