On 04/10/16 11:51, Kurt Roeckx wrote: > On Tue, Oct 04, 2016 at 11:13:21AM +0100, Rob Stradling wrote: >> On 04/10/16 07:10, Gervase Markham wrote: <snip> >>> Does Comodo run cablint over all certificates post-issuance (or >>> pre-issuance)? >> >> Neither. I'd like to run cablint over all certs pre-issuance, but >> unfortunately it's not practical to do this yet because 1) cablint is >> too slow and 2) there are some differences of opinion that have been >> discussed at CABForum but not yet resolved. > > I guess you don't have the same slowness with x509lint, but that: > - It doesn't cover all the same things > - It might also still give errors about things that CABForum needs > to resolve. > > But I guess it should be easy enough for you to ignore some of the > errors (or warnings). > > I do intend to make it check more things, but activity really > comes in bursts.
Hi Kurt. Indeed, x509lint is currently much quicker. I'd like to run x509lint over all certs pre-issuance too. :-) -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
