Nelson B Bolyard wrote: > Frank Hecker wrote: > >> For the record, I am pretty sure that we have CAs already in the root >> list that have issued test certs under their hierarchies. IIRC the last >> instance of this I saw was a CA that had a subordinate CA used to >> testing purposes, under the root CA that we include. > > Please elaborate. What CA did that? > Is the subordinate CA that did so still valid (unexpired)? > [..] > IMO, this is a serious enough breach that it warrants calling for the > removal of the CA that did it. If the subordinate CA is still valid > and is not revoked, this calls for drastic action.
+1 for the drastic action if that's really the case for any pre-installed root CA or one of their subordinate CAs. Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
