Hi Jeremy, Have all these certificates been submitted to CT?
Thanks! Alex On Tue, Nov 7, 2017 at 1:20 PM, Jeremy Rowley via dev-security-policy < [email protected]> wrote: > Hey everyone, > > > > Here's the DigiCert incident report about the ROCA fingerprints. Note that > these were all issued by Symantec (ie, before the transaction closed). > > > > We became aware of the issue when it was posted to the mailing list. > However, at that time, the certs were not operated by DigiCert. We became > aware that DigiCert needed to take action on close (Nov 1). At that time, > the new combined team launched an investigation to determine the impacted > certs. Six certs were identified and revoked: > > > > > 4a907fbfc90eb043c50c9c8ace6305a1 > > > 8008c178d0d4cd3d79acc09f6ac132c > > > 2dab9a2d40a2f55c5d705551cf7cafe5 > > > 306b67f5c25ee0fd495d2be88979eb72 > > > 7c7b826b183093ba1e5b9850ac31d806 > > > 4c834767e44ecbd0cdef8e60c04dcf32 > > > > These certs were all revoked around Nov 3, within 24 hours of identifying > the impacted certs at DigiCert. > > > > Jeremy > > > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
