I've asked the Government of Korea to comment on this news article in their
inclusion request (https://bugzilla.mozilla.org/show_bug.cgi?id=1377389).

- Wayne

On Wed, Apr 11, 2018 at 7:26 AM, jumping2gether--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> According to the official briefing by the Government of Korea on April 9
> 2018,
> The government CA discovered suspicious misissuance on April 5. They
> revoked the certificate on April 6 and began investigating all valid SSL
> certificates.
>
> src (in Korean): http://www.korea.kr/briefing/actuallyView.do?newsId=
> 148849591&call_from=naver_news
>
>
> The prompt actions by the CAs were taken in compliance with CA/Browser
> Forum BRs.
> 4.9.1.1. Reasons for Revoking a Subscriber Certificate
> The CA SHALL revoke a Certificate within 24 hours if the CA is made aware
> that a Wildcard Certificate has been used to authenticate a fraudulently
> misleading subordinate Fully-Qualified Domain Name.
>
>
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to