Changes

Symantec has not yet been formally asked by Mozilla to respond to this issue. However, they commented [http://www.csoonline.com/article/3184897/security/api-flaws-said-to-have-left-symantec-ssl-certificates-vulnerable-to-compromise.html to the press]:

In addition, Tarah from Symantec has posted a [https://groups.google.com/d/msg/mozilla.dev.security.policy/CEww8w9q2zE/KvF2fU8ZCgAJ detailed comment] which suggests that the issue is or was substantially less serious than the initial write-up made it sound. A discussion has ensued which I believe includes They have also made [https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/Wm2MrLGLjSI additional comment] in response to this document. ===Further Comments and Conclusion=== At the original reportermoment, so we will wait to there is no compelling evidence that Symantec's account of events is incorrect. If their account of events is correct then I don't see if additional information emergesa problem here. For better or worse, the sending of emails with somewhat privileged access URLs in them is common practice in this and other industries.