Yesterday, Andrew Ayer filed a bug [1] identifying 14 pre-certificates issued by Certinomis in February 2019 containing an unregistered domain name. Since the cause described in the incident report is similar, I added this under issue F.1.
On Tue, Apr 16, 2019 at 11:44 AM Wayne Thayer <wtha...@mozilla.com> wrote: > Mozilla has decided that there is sufficient concern [1] about the > activities and operations of the CA Certinomis to collect together a list > of issues. That list can be found here: > https://wiki.mozilla.org/CA/Certinomis_Issues > > Note that this list may expand or contract over time as issues are > investigated further, with information either from our or our community's > investigations or from Certinomis. > > We expect Certinomis to engage in a public discussion of these issues and > give their comments and viewpoint. We also hope that our community will > make comments, and perhaps provide additional information based on their > own investigations. > > When commenting on these issues, please clearly state which issue you are > addressing on each occasion. The issues have been given identifying letters > and numbers to help with this. > > At the end of a public discussion period between Mozilla, our community, > and Certinomis, which we hope will be no longer than a couple of weeks, > Mozilla will move to make a decision about how to respond to these > concerns, based on the picture which has then emerged. > > - Wayne > > [1] > https://wiki.mozilla.org/CA/Maintenance_and_Enforcement#Recurring_Issues > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
