On Wed, Apr 19, 2017 at 3:47 PM, Mike vd Ent via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> Ryan, > > My answers on the particular issues are stated inline. > But the thing I want to address is how could (in this case Digicert) > validate such data and issues certificates? I am investigation more of them > and afraid even linked company names or registration numbers could be > false. Shouldn't those certificates be revoked? > You are correct that it appears these certificates should not have issued. Hopefully Jeremy and Ben from DigiCert can comment on this thread ( https://groups.google.com/d/msg/mozilla.dev.security.policy/DgeLqKMzIds/ig8UmHT2DwAJ for the archive) with details about the issues and the steps taken. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy