On Thursday, 3 August 2017 02:12:18 UTC+2, Matt Palmer wrote: > On Wed, Aug 02, 2017 at 06:38:44PM -0400, Jonathan Rudenberg via > dev-security-policy wrote: > > I think the correct response is to add both intermediates to OneCRL > > immediately, especially given the historic issues with StartCom. > > +1. Also a strongly worded letter of "are you f%*king kidding me?!?" to > Certinomis. Everyone even ephemerally involved in the WebPKI should know by > now that StartCom/WoSign are viewed with deep suspicion, and blithely > signing an intermediate for them is not a smart move. > > - Matt
It just means Certinomis now has to answer for the misissuance, doesn't it? I don't see the problem. They can choose to risk their own webtrust if they want to. ;-) CU Hans _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy