Accountapprovers, antispam, confirm, emeritus
4,925
edits
Changes
Update to indicate list of affected certs for L is incomplete
It is the responsibility of the CA to disclose issues to its auditors, not for the auditor to discover them. WoSign was aware of this, because some of the issues in this document were disclosed to auditors and included in their report.
The completeness of WoSign's list of 72 certificates has been was called into question by a discussion participant who testifies testified that [https://crt.sh/?id=30335331 his certificate] was validated using port 8080 but does not appear in WoSign's list. In response, Richard [https://groups.google.com/d/msg/mozilla.dev.security.policy/k9PBmyLCi8I/LVnZBHOGDgAJ said] that in fact their system did not directly record the port used for validation, and so he could not guarantee that the list was complete.
==Incident N: Additional Domain Errors (June 2015)==
