I’ve shared this with @Scott_Helme directly. The most meaningful improvements are systemic: clearer and more consistent rules, automatic checks, improved procedures. You don’t need 4,000 certs for that; 4 works just fine. The other 3,996 must go, but systemic change is what matters.
That's working on the assumption that my list contained all affected certificates. I'm not making an assertion that all other certs are ok and the CA still needs to look into that. All I'm saying is I found these that are bad.
I'm not sure I'm comfortable with the approach either. Intentionally withholding information from the CA to see if they catch it? When I find problems I give the organisation I'm reporting it to all of the information I have.
@winxp5421 had exactly the same experience reporting @Namecheap's silent-in-the-GUI DNSSEC activation failures. They were only fixing reported ones. He learned to only report a small subset & hold the remaining ones in reserve to verify if they'd fixed the problem system-wide.
But I will still know that with the ongoing monitoring regardless. Seems the only thing we're splitting hairs on here is providing the full list rather than withhold 99% of it and see if they catch it.