Ryan Sleevi <r...@sleevi.com> writes: >I don't think the hyperbole helps here.
It wasn't hyperbole, it was extreme surprise. When someone told me about this I couldn't believe it was still happening after the massive amount of publicity it got at the time, so it was more a giant "WTF?!??" than anything else. Other CA certs with this issue include further audited and (in some cases) EV- approved certs, all from Microsoft: https://crt.sh/?id=988218851&opt=x509lint,zlint,cablint https://crt.sh/?id=988140328&opt=zlint,x509lint,cablint https://crt.sh/?id=988215004&opt=zlint,cablint,x509lint https://crt.sh/?id=988137612&opt=x509lint,cablint https://crt.sh/?id=1197076917&opt=x509lint,cablint https://crt.sh/?id=1197067049&opt=x509lint,cablint https://crt.sh/?id=1197079848&opt=x509lint,cablint https://crt.sh/?id=1197075787&opt=x509lint,cablint https://crt.sh/?id=554380367&opt=x509lint https://crt.sh/?id=918173942&opt=x509lint,cablint I don't know who trust what where, but Chrome at least seems to trust these two: https://crt.sh/?id=554380367&opt=x509lint https://crt.sh/?id=918173942&opt=x509lint,cablint >It's probably better to start a new thread if you'd like to talk about it >further. Sure, it just came to mind when I saw this thread, which is why I posted it here. Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy