On Tue, Dec 04, 2018 at 01:14:44PM -0500, Ryan Sleevi via dev-security-policy wrote: > > > All issued certificates were unusable due to corrupted signature. > > > > Could you speak to more about how you assessed this? An incorrect signature > on the CRL would not necessarily prevent the certificate from being used; > it may merely prevent it from being revoked. That is, all 30,000 (revoked) > certificates may have been usable due to the corrupted signature.
He explained before that the module that generated the corrupt signature for the CRL was in a weird state after that and all the newly issued certificates signed by that module also had corrupt signatures. Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy