On 2016-09-07 13:00, Gervase Markham wrote:
Hi Richard,
On 07/09/16 11:06, Richard Wang wrote:
This discuss has been lasting two weeks, I think it is time to end
it, it doesn’t worth to waste everybody’s precious time.
Unfortunately, I think we may be only beginning.
I have prepared a list of the issues we are tracking with WoSign's
certificate issuance process and business:
https://wiki.mozilla.org/CA:WoSign_Issues
Thanks for putting this all in a page because I already lost track of
most of the issues.
This URL was posted, and at least seems to match the date range:
https://crt.sh/?serial=056d1570da645bf6b44c0a7077cc6769&iCAID=1662
It currently only has 314 of the mentioned 392 duplicates. I don't know
if there are other duplicate serials we need to look for, or if they
failed to publish all 392. It's at least my understanding that all
certificates for 2015 should already have been submitted to CT.
Related to issue F, we've been told that all 2015 certificates should
have been published to CT. We got a mail saying that with "Date: Fri, 2
Sep 2016 07:37:52 +0000". I added the https://crt.sh/?id=30736090 to
aviator later, and it's now in their log too.
I guess it could be useful for everybody to go over this page and see if
all the issues that were raised are on that page.
Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
