On 13/04/17 17:43, Jeremy Rowley wrote:
> Because the certificate improperly included Symantec's BR-compliance OID. If
> the cert wasn't a BR-covered certificate but included the BR compliance OID,
> then the cert was still mis-issued and should be disclosed.
But that was not the reason they gave for it being misissued; they only
noticed that when someone else pointed it out to them.
Gerv
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy