That's jumping the gun a bit. First of all they'd have to be made aware of the suspected compromise before the 24 hour clock would start. And then they'd need to be convinced that it actually was compromised. Since the server has apparently been taken down, they wouldn't be able to verify these claims themselves and I would certainly hope a CA wouldn't take such an action based only on unverified claims on Twitter.
On 3/1/18, 1:13 PM, "dev-security-policy on behalf of Hector Martin 'marcan' via dev-security-policy" <dev-security-policy-bounces+tshirley=trustwave....@lists.mozilla.org on behalf of [email protected]> wrote: At this point I would expect Comodo should revoke this certificate due to key compromise within the next 24 hours. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
