Re: Incident report: Failure to verify authenticity for some partner requests

2018-06-02 Thread Amus via dev-security-policy
I updated the bugzilla thread (https://bugzilla.mozilla.org/show_bug.cgi?id=1429639). We ended up revoking 35 certs where we couldn't complete the authenticity check. I don't think these were actually issued to the wrong organization. Most of them are foreign, which means getting them on the

Re: Bad characters in dNSNames

2017-08-16 Thread Amus via dev-security-policy
What's wrong with the two Wells Fargo certs? I don't see any invalid characters in them.
On Wednesday, August 16, 2017 at 9:22:01 AM UTC-6, Rob Stradling wrote:
> On 15/08/17 13:29, Gervase Markham via dev-security-policy wrote:
> > Hi Rob,
> >
> > On 26/07/17 11:21, Rob Stradling wrote:
> >>

Re: When are public applications embedding certificates pointing to 127.0.0.1 OK?

2017-06-21 Thread Amus via dev-security-policy
Looking into this, we revoked the cert on our end at 2:20 MST (within 24 hours after the certificate problem report was processed), but we distribute all of our OCSP responses through CDNs. Distribution through the CDN took approximately an hour plus. I couldn't find a definition of revoked in