Some of the depressing replies via https://groups.google.com/d/msg/mozilla.dev.security.policy/Q9whve-HJfM/RIrLjzruBgAJ … ETSI ESI Vice-Chair: It's unfortunate auditors are criticized - https://groups.google.com/d/msg/mozilla.dev.security.policy/Q9whve-HJfM/_RKlD7ybAwAJ … ACAB'c - Don't blame auditors for mistakes - https://groups.google.com/d/msg/mozilla.dev.security.policy/PgbzAVxHqzo/boDMd0-mAgAJ … Sounds nearly identical to CAs when called out for bad certs
Is the issue that the CA encoded the qualification X.509 extension wrongly, or something else?
-
-
Plus the fact that some auditors didn't raise the issue as a sufficient level.
-
Sorry, I'm very out of the loop. Why does anybody parse this extension in a way where they would even notice this issue? I would guess there are all kinds of malformed extensions.
-
"If a tree falls in a forest and no one is around to hear it, does it make a sound?"
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.