Re: Symantec Response J
On 2017-04-11 11:15, Kurt Roeckx wrote: On 2017-04-10 17:52, Ryan Sleevi wrote: Hi Steve, Quick question: 1) You identified that the root cause was related to a deprecated, but not removed, interface. Your remediation was to remove that interface. a) How many deprecated, but unremoved, interfaces does Symantec have, as of 2017-04-10? Or in general, how many interfaces does Symantec have? Does Symantec have a list of all the interfaces, and have they all been verified to follow all the requirements? Also related to this is, does Symantec have a list of all software it uses in the issuance process, where it all runs, and have procedures to update all the software or configurations? Kurt ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Symantec Response J
On 2017-04-10 17:52, Ryan Sleevi wrote: Hi Steve, Quick question: 1) You identified that the root cause was related to a deprecated, but not removed, interface. Your remediation was to remove that interface. a) How many deprecated, but unremoved, interfaces does Symantec have, as of 2017-04-10? Or in general, how many interfaces does Symantec have? Does Symantec have a list of all the interfaces, and have they all been verified to follow all the requirements? Why does the interface need to block this, and not the process that issues the certificate? Kurt ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Symantec Response J
Hi Steve, Quick question: 1) You identified that the root cause was related to a deprecated, but not removed, interface. Your remediation was to remove that interface. a) How many deprecated, but unremoved, interfaces does Symantec have, as of 2017-04-10? ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy