On 2019-01-29 1:29, Wayne Thayer wrote:
Piotr just filed an incident report on the misissuance that was reported on 18-January: https://bugzilla.mozilla.org/show_bug.cgi?id=1523186
I guess this part is not very clear to me: > We identified and removed from system the registration policy that > issued the problematic certificate. The problematic policy template > was not listed in policies allowed for Certificate Transparency > logging but contained Signed Certificate Timestamp extension. The > usage of such policy template should be blocked by the CT > functionality. We had only one policy in such state. I could read that as: 1) This certificate was not supposed to be logged in CT 2) The issuing should have been prevented I assume 2) was meant. Kurt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
