Hi Scott,

On Tue, Mar 5, 2019, at 09:02, Scott Rea via dev-security-policy wrote:
>
> • DM has resolved all technical and policy issues raised in the UAE and
> DM Roots submission process on Mozilla list: see
> https://bugzilla.mozilla.org/show_bug.cgi?id=1427262
>
> • Since the inception of the DM CA we have had two technical compliance
> issues during its three years of operation, both were addressed
> immediately and resolved.

Your count is incorrect. This certificate was misissued and appears to be a third incident that is not mentioned in your summary: https://crt.sh/?id=271084003&opt=zlint

> • The first was that DM misissued 2 TLS certificates that were not in
> compliance with the BRs as reported by Rob Stradling - specifically the
> FQDN listed in the CN was not also included in the SAN. The 2 offensive
> certs were already flagged by DM and were held and revoked and were
> only in existence for approximately 18hrs and at NO TIME were they LIVE
> on the internet protecting any services. They were promptly replaced by
> properly attributed BR-compliant certificates. Comment 31 of the UAE
> and DM Root inclusion Bug is where the two misissued certs were
> documented see https://bugzilla.mozilla.org/show_bug.cgi?id=1427262

Since we are summarizing, it's worth noting again that no incident report was provided, one was requested in this comment: https://bugzilla.mozilla.org/show_bug.cgi?id=1427262#c32

Jonathan

