I updated the bugzilla thread
(https://bugzilla.mozilla.org/show_bug.cgi?id=1429639). We ended up revoking 35
certs where we couldn't complete the authenticity check. I don't think these
were actually issued to the wrong organization. Most of them are foreign, which
means getting them on the
On Wednesday, January 10, 2018 at 4:24:54 PM UTC-5, Tim Hollebeek wrote:
> As you know, BR 3.2.5 requires CAs to verify the authenticity of a request
> for an OV certificate through a Reliable Method of Communication (RMOC).
> Email can be a RMOC, but in these cases, the email address was a
Thank you for the report Tim. I just created
https://bugzilla.mozilla.org/show_bug.cgi?id=1429639 to track this issue.
Please follow up in the bug and on this thread.
- Wayne
On Wed, Jan 10, 2018 at 2:24 PM, Tim Hollebeek via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
Hi everyone,
There was a bug in our OEM integration that led to a lapse in the
verification of authenticity of some OV certificate requests coming in
through the reseller/partner system.
As you know, BR 3.2.5 requires CAs to verify the authenticity of a request
for an OV certificate
4 matches
Mail list logo