On Wed, 2021-09-08 at 13:13 +0100, Tim Woodall wrote:
> This is a bit tongue in cheek, but how about these sites where the
> .debs are downloaded from publish their *private* key? They openly
> accept that anyone can MITM them.

If you have access to the private key, you can request the CA to revoke
the certificate:

+---
| 4.9.1.1 Reasons for Revoking a Subscriber Certificate
|
| The CA SHALL revoke a Certificate within 24 hours if one or more of
| the following occurs:
| [...]
| 3. The CA obtains evidence that the Subscriber’s Private Key
| corresponding to the Public Key in the Certificate suffered a Key
| Compromise
+---[ https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.8.0.pdf ]

So that would not be helpful.

Ansgar