True, we don't know their intentions but we can at least assume they would need private keys to use said certificates with any properly implemented user agent.
Ryan Hurst (personal capacity) On Thu, Apr 11, 2019 at 6:12 PM Peter Gutmann <[email protected]> wrote: > admin--- via dev-security-policy <[email protected]> > writes: > > >The risk here, of course, is low in that having a certificate you do not > >control a key for doesn't give you the ability to do anything. > > As far as we know. Presumably someone has an interesting (mis)use for it > otherwise they wouldn't have bothered obtaining it. > > Peter. > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
