On Mon, Mar 30, 2020 at 01:48:28PM -0700, Josh Aas via dev-security-policy wrote: > Matt - It would be helpful if you could report issues like this to the CA > in question, not just to mdsp.
Helpful to *whom*, exactly? I don't write up these reports to be helpful to the CA in question; I write them to be helpful to the community. I don't see how reporting these problems to an individual CA is helpful to anyone except that one CA -- which, as I said, is not a goal I am aiming for here. At any rate, since (as I understand it) all CAs are supposed to be watching mdsp anyway, sending a report here should be equivalent to sending it to all CAs -- including Let's Encrypt -- anyway. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
