MozillaWiki

CA/WoSign Issues: Difference between revisions

Page Discussion

CA/WoSign Issues (view source)

Revision as of 08:06, 7 September 2016

246 bytes added ,  7 September 2016
Update to indicate list of affected certs for L is incomplete
(Add quote about 72 being all)
(Update to indicate list of affected certs for L is incomplete)
Line 124: Line 124:
It is the responsibility of the CA to disclose issues to its auditors, not for the auditor to discover them. WoSign was aware of this, because some of the issues in this document were disclosed to auditors and included in their report.
It is the responsibility of the CA to disclose issues to its auditors, not for the auditor to discover them. WoSign was aware of this, because some of the issues in this document were disclosed to auditors and included in their report.


The completeness of WoSign's list of 72 certificates has been called into question by a discussion participant who testifies that [https://crt.sh/?id=30335331 his certificate] was validated using port 8080 but does not appear in WoSign's list.
The completeness of WoSign's list of 72 certificates was called into question by a discussion participant who testified that [https://crt.sh/?id=30335331 his certificate] was validated using port 8080 but does not appear in WoSign's list. In response, Richard [https://groups.google.com/d/msg/mozilla.dev.security.policy/k9PBmyLCi8I/LVnZBHOGDgAJ said] that in fact their system did not directly record the port used for validation, and so he could not guarantee that the list was complete.


==Incident N: Additional Domain Errors (June 2015)==
==Incident N: Additional Domain Errors (June 2015)==
Gerv
Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1146949"