On 2018-12-04 7:24, Wojciech Trapczyński wrote:
Question 1: Was there a period during which this issuing CA had no
validly signed non-expired CRL due to this incident?
Between 10.11.2018 01:05 (UTC±00:00) and 14.11.2018 07:35 (UTC±00:00) we
were serving one CRL with corrupted signature.
Do you have any plans to prevent serving CRLs with an invalid signature
and keep the old CRL in place until you have a valid one?
Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy