Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925
edits
CA/Symantec Issues: Difference between revisions
Jump to navigation
Jump to search
Issue R
(Issue X update) |
(Issue R) |
||
| Line 207: | Line 207: | ||
===Symantec Response=== | ===Symantec Response=== | ||
Symantec | Symantec commented [http://www.csoonline.com/article/3184897/security/api-flaws-said-to-have-left-symantec-ssl-certificates-vulnerable-to-compromise.html to the press]: | ||
<blockquote> | <blockquote> | ||
| Line 213: | Line 213: | ||
</blockquote> | </blockquote> | ||
In addition, Tarah from Symantec has posted a [https://groups.google.com/d/msg/mozilla.dev.security.policy/CEww8w9q2zE/KvF2fU8ZCgAJ detailed comment] which suggests that the issue is or was substantially less serious than the initial write-up made it sound. | In addition, Tarah from Symantec has posted a [https://groups.google.com/d/msg/mozilla.dev.security.policy/CEww8w9q2zE/KvF2fU8ZCgAJ detailed comment] which suggests that the issue is or was substantially less serious than the initial write-up made it sound. They have also made [https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/Wm2MrLGLjSI additional comment] in response to this document. | ||
===Further Comments and Conclusion=== | |||
At the moment, there is no compelling evidence that Symantec's account of events is incorrect. If their account of events is correct then I don't see a problem here. For better or worse, the sending of emails with somewhat privileged access URLs in them is common practice in this and other industries. | |||
==Issue T: RA Program Misissuances (January 2010 - January 2017)== | ==Issue T: RA Program Misissuances (January 2010 - January 2017)== | ||