I just posted this incident report. The summary is we had an issue where a certain path allowed issuance of certs for example.com when only www.example.com <http://www.example.com> was verified. This incident happened previously with Comodo here: https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/PoMZvss_PR o/TK8L-lK0EwAJ. At that time we checked out code, but missed a path.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
