Thanks for that. So now I should send another email to rev...@digicert.com or just wait for revocation? And who should I contact if this address doesn't work? 在 2019年5月10日星期五 UTC+8上午8:26:09,Jeremy Rowley写道: > No argument from me there. We generally act on them no matter what. > Typically any email sent to supp...@digicert.com requesting revocation is > forwarded to rev...@digicert.com. That's the standard procedure. This one > was missed unfortunately. > > -----Original Message----- > From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On > Behalf Of Daniel Marschall via dev-security-policy > Sent: Thursday, May 9, 2019 4:16 PM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: RE: Reported Digicert key compromise but not revoked > > I personally do think that it matters to this forum. A CA - no matter what > kind of certificates it issues - must take revocation requests seriously and > act immediately, even if the email is sent to the wrong address. If an > employee at the help desk is unable to forward revocation requests, or needs > several weeks to reply, then there is something not correct with the CA, no > matter if the revocation request is related to a web certificate or code > signing certificate. That's my opinion on this case. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
