On 03/03/17 20:59, douglas.beat...@gmail.com wrote: > In general, when we receive new orders and issue certificates, the > vetting is done just prior to issuance time which permits the > certificate to be replaced up until expiration. We're looking into > cases where new "orders" may have used certificate data that was done > prior and then verifying that the domains (and enterprise data on the > subject DN) are re-verified at the applicable intervals. > > I'll send out an update as soon I have more information.
Hi Doug, Any update? Once you report back, if nothing terrible is found, I think we can consider this matter resolved. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy