Accountapprovers, antispam, confirm, emeritus
4,925
edits
Changes
Update N
This matter represents the first time any CA attempted to follow the exception process which was developed over the course of weeks, beginning at the Bilbao CABF face-to-face meeting in May 2016, and with the input of our partners. Google initially proposed this exception process, which was later modified following input from other CABF members. Our internal process did not clearly specify to our PKI Operations team to stop at the point of TBS creation, which subsequently resulted in the creation of signed certificates instead of TBS Certificates. Importantly, our audit process promptly identified the error, and Symantec never released the certificates. We also promptly improved our internal process.
</blockquote>
===Further Comments and Conclusion===
Is is true that this is a new process, and that stopping the issuance process at the point of creating TBSCertificates is unusual. While perhaps embarrassing, the risk here seems minimal given that near-identical certificates were issued and distributed a week later.
==Issue P: UniCredit Sub CA Failing To Follow BRs (April - October 2016)==
