Thanks Wayne. We’ll update our CPS to keep it clear.
From: Wayne Thayer <[email protected]> Sent: Thursday, May 9, 2019 5:04 PM To: Andrew Ayer <[email protected]> Cc: Jeremy Rowley <[email protected]>; Jeremy Rowley via dev-security-policy <[email protected]> Subject: Re: Reported Digicert key compromise but not revoked DigiCert CPS section 1.5.2 [1] could also more clearly state that [email protected] <mailto:[email protected]> is the correct address for 'reporting suspected Private Key Compromise, Certificate misuse, or other types of fraud, compromise, misuse, inappropriate conduct, or any other matter related to Certificates.' Since both email addresses are listed in that section, it's not difficult to mistake [email protected] <mailto:[email protected]> as the problem reporting mechanism, even though the last sentence in 1.5.2.1 implies that [email protected] <mailto:[email protected]> is for problem reporting. - Wayne [1] https://www.digicert.com/wp-content/uploads/2019/04/DigiCert_CPS_v418.pdf On Thu, May 9, 2019 at 3:46 PM Andrew Ayer via dev-security-policy <[email protected] <mailto:[email protected]> > wrote: On Thu, 9 May 2019 14:47:05 +0000 Jeremy Rowley via dev-security-policy <[email protected] <mailto:[email protected]> > wrote: > Hi Han - the proper alias is [email protected] <mailto:[email protected]> > . The support alias > will sometimes handle these, but not always. Is that also true of SSL certificates? [email protected] <mailto:[email protected]> is listed first at https://ccadb-public.secure.force.com/mozilla/ProblemReportingMechanismsReport That should be fixed if [email protected] <mailto:[email protected]> is not the right place to report problems with SSL certificates. Regards, Andrew _______________________________________________ dev-security-policy mailing list [email protected] <mailto:[email protected]> https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
