Yes, we plan to revoke all after getting confirmation from subscriber. We are 
doing this.



> On 29 Aug 2016, at 16:38, Gervase Markham <> wrote:
>> On 29/08/16 05:46, Richard Wang wrote:
>> For incident 1 - mis-issued certificate with un-validated subdomain,
>> total 33 certificates. We have posted to CT log server and listed in
>>, here is the URL. Some certificates are revoked after getting
>> report from subscriber, but some still valid, if any subscriber think
>> it must be revoked and replaced new one, please contact us in the
>> system, thanks.
> Er, no. If these certificates were issued with unvalidated parent
> domains (e.g. with when the person validation
> then they need to all be revoked. You should actively contact your
> customers and issue them new certificates containing only validated
> information, and then revoke these ones.
> Gerv

Attachment: smime.p7s
Description: S/MIME cryptographic signature

dev-security-policy mailing list

Reply via email to