On Wed, Aug 02, 2017 at 06:38:44PM -0400, Jonathan Rudenberg via dev-security-policy wrote: > I think the correct response is to add both intermediates to OneCRL > immediately, especially given the historic issues with StartCom.
+1. Also a strongly worded letter of "are you f%*king kidding me?!?" to Certinomis. Everyone even ephemerally involved in the WebPKI should know by now that StartCom/WoSign are viewed with deep suspicion, and blithely signing an intermediate for them is not a smart move. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy