On Tue, 9 Apr 2019 14:07:55 -0400 Ryan Sleevi via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> I think it's merely a misparsing of the description. > > The intermediate you referenced - https://crt.sh/?id=197857126 - > chains to a "root in Mozilla's program with the Websites trust bit > set". That root is https://crt.sh/?caid=1110, and you can see, it has > the Website Trust Bit set. Aha. > I suspect you parsed it as "intermediates ... with the websites trust > bit set", but that's not what that report is. Yes, I see. So I was indeed holding it wrong. Thanks for this clear explanation Ryan. Nick. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy