Thanks for that. So now I should send another email to or 
just wait for revocation? And who should I contact if this address doesn't work?
在 2019年5月10日星期五 UTC+8上午8:26:09,Jeremy Rowley写道:
> No argument from me there. We generally act on them no matter what.
> Typically any email sent to requesting revocation is
> forwarded to That's the standard procedure. This one
> was missed unfortunately.
> -----Original Message-----
> From: dev-security-policy <> On
> Behalf Of Daniel Marschall via dev-security-policy
> Sent: Thursday, May 9, 2019 4:16 PM
> To:
> Subject: RE: Reported Digicert key compromise but not revoked
> I personally do think that it matters to this forum. A CA - no matter what
> kind of certificates it issues - must take revocation requests seriously and
> act immediately, even if the email is sent to the wrong address. If an
> employee at the help desk is unable to forward revocation requests, or needs
> several weeks to reply, then there is something not correct with the CA, no
> matter if the revocation request is related to a web certificate or code
> signing certificate. That's my opinion on this case.
> _______________________________________________
> dev-security-policy mailing list

dev-security-policy mailing list

Reply via email to