Symantec's bug opens with the words: "At the end of 2013, Symantec issued a cert to one of its customers that did not comply with several provisions of the CA/Browser Forum Baseline Requirements."[0]
So Symantec, at least, thought that this cert fell under the BRs. If their case was that it did not, why did they feel a need to report? Gerv [0] https://bugzilla.mozilla.org/show_bug.cgi?id=966350 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy