On Friday, February 8, 2019 at 4:09:32 PM UTC-8, Joanna Fox wrote: > I agree on the surface this bug appears to be the same, but the root cause is > a different. The issue for bug 1462844 was a specific status not counting as > active when it was. To mitigate this issue, we updated the query to include > the missing status. However, we are in the process of simplifying the data > structures to simplify these types of queries. > > For the underscore certificates, these were non-active, not even considered > as provisioned since they were not delivered to a customer and not publicly > used for any encryption. These certificates were effectively abandoned by our > system.
Is the term "certificate" accurate in this case? Assuming you embed SCTs within the EE cert, what you have is technically a pre-cert that was abandoned (not meant to be submitted to CT). Right? I ask because both the cert you linked are pre-certs, and I understand signing a pre-cert is intent to issue and is treated the same way, but still wanted to clarify. Or by non-active certificate, are you actually referring to a fully signed EE that was just not delivered to the customer? Thanks, Santhan _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy