We have become aware of this certificate and its key compromise, thank you for this information. We are contacting the owner to understand impact to the deployed devices, but with clear intent to revoke. We will provide updates while we make progress.
Kind regards, Steven Medin PKI Policy Manager, Symantec Corporation -----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+steve_medin=symantec.com@lists.mozilla.o rg] On Behalf Of Gervase Markham Sent: Tuesday, September 06, 2016 2:02 PM To: Kyle Hamilton <[email protected]>; [email protected] Subject: Re: Compromised certificate that the owner didn't wish to revoke (signed by GeoTrust) On 06/09/16 18:25, Kyle Hamilton wrote: > Aruba chose not to notify GeoTrust that it needed to be revoked due to > compromised private key. I am notifying because I believe it > violates the Basic Requirements for someone other than the identified > subject to possess the private key for a publicly-trusted certificate. It does; have you notified GeoTrust using whatever mechanism they make available for such notifications? They are supposed to have one, according to the BRs. I'm not sure posting here would count. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
