The first email is the guy found the problem, the second email is asking for revocation to related person that he/she can't do it.
Sure, we have CMS (Certificate Management System), every order is processed in the system by the proper duty person. See Figure 8, the top menu is Order Info, personal info, proof documents, processing log, order remark, domain validation log That we just display the menu "processing log" in the screenshot to show all process event like shipping tracking system. I am sorry that we are busy with the second report that maybe can't reply all inquiry email. Some question will be replied in the second report. Best Regards, Richard -----Original Message----- From: Kurt Roeckx [mailto:k...@roeckx.be] Sent: Monday, September 5, 2016 1:34 AM To: Richard Wang <rich...@wosign.com> Cc: Gervase Markham <g...@mozilla.org>; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Incidents involving the CA WoSign On Sun, Sep 04, 2016 at 09:49:25AM +0000, Richard Wang wrote: > Hi all, > > We finished the investigation and released the incidents report today: > https://www.wosign.com/report/wosign_incidents_report_09042016.pdf In section 2.2 you explain that there is a mail at 9:01 and 9:38, where I think the one from 9:38 asks for the revocation of the certificates by e-mail. Is there a procedure in place that those e-mails get acted upon? Why is this done via e-mail and not some some other system that can make sure it's being followed up? Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy