I updated the bugzilla thread (https://bugzilla.mozilla.org/show_bug.cgi?id=1429639). We ended up revoking 35 certs where we couldn't complete the authenticity check. I don't think these were actually issued to the wrong organization. Most of them are foreign, which means getting them on the phone when they already had their cert was pretty difficult. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Incident report: Failure to verify authenticity for some partner requests
Amus via dev-security-policy Fri, 01 Jun 2018 23:03:02 -0700
- Incident report: Failure to verify a... Tim Hollebeek via dev-security-policy
- Re: Incident report: Failure to... Wayne Thayer via dev-security-policy
- Re: Incident report: Failure to... Bruce via dev-security-policy
- Re: Incident report: Failure to... Amus via dev-security-policy