I've asked the Government of Korea to comment on this news article in their inclusion request (https://bugzilla.mozilla.org/show_bug.cgi?id=1377389).
- Wayne On Wed, Apr 11, 2018 at 7:26 AM, jumping2gether--- via dev-security-policy < [email protected]> wrote: > According to the official briefing by the Government of Korea on April 9 > 2018, > The government CA discovered suspicious misissuance on April 5. They > revoked the certificate on April 6 and began investigating all valid SSL > certificates. > > src (in Korean): http://www.korea.kr/briefing/actuallyView.do?newsId= > 148849591&call_from=naver_news > > > The prompt actions by the CAs were taken in compliance with CA/Browser > Forum BRs. > 4.9.1.1. Reasons for Revoking a Subscriber Certificate > The CA SHALL revoke a Certificate within 24 hours if the CA is made aware > that a Wildcard Certificate has been used to authenticate a fraudulently > misleading subordinate Fully-Qualified Domain Name. > > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
