> -----Original Message----- > From: dev-security-policy [mailto:dev-security-policy- > bounces+wthayer=godaddy....@lists.mozilla.org] On Behalf Of Gervase > Markham via dev-security-policy
> Here is our proposed remediation plan for GoDaddy. > > 1) As with all CAs, update all their domain validation code to use one of the > 10 > approved methods; > > 2) Implement comprehensive automated testing for their domain validation > code for all issuance systems; > > 3) Make sure those tests automatically run when any change is made to the > code, before deployment, such that deployment is gated on a pass; > > 4) Get a statement from their auditors that these tests have been created > and positioned correctly in the deployment workflow. > > All steps to be completed within 3 months. > > Comments on this plan are welcome, including from GoDaddy. > Gerv - this makes sense and it is GoDaddy's intent to perform these steps within 3 months. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy