According to the official briefing by the Government of Korea on April 9 2018, The government CA discovered suspicious misissuance on April 5. They revoked the certificate on April 6 and began investigating all valid SSL certificates.
src (in Korean): http://www.korea.kr/briefing/actuallyView.do?newsId=148849591&call_from=naver_news The prompt actions by the CAs were taken in compliance with CA/Browser Forum BRs. 4.9.1.1. Reasons for Revoking a Subscriber Certificate The CA SHALL revoke a Certificate within 24 hours if the CA is made aware that a Wildcard Certificate has been used to authenticate a fraudulently misleading subordinate Fully-Qualified Domain Name. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
