On Tuesday, 21 January 2020 15:49:30 UTC-5, Dathan Demone wrote: > On Tuesday, 21 January 2020 14:07:49 UTC-5, Benjamin Seidenberg wrote: > > > One - which appears to remain valid at time of writing - is an OV > > > certificate for "routerlogin.com" and variants, which was issued to > > > Netgear by Entrust, https://crt.sh/?id=1955992027 > > > > > > > Based on this tweet > > (https://twitter.com/FiloSottile/status/1219147543667453953?s=19) from > > 2020-01-20 06:39 UTC, it appears that Entrust failed to revoke this within > > 24 of hours of "receipt of the Certificate Problem Report", not revoking > > until Jan 21 15:21:36 2020 GMT. > > > > Will Entrust be filing an incident report for this? > > > > (I also submitted a report separately, they revoked 7 minutes shy of 24 > > hours after mine, shortly after this note to the list). > > We will be posting an incident report shortly once we complete our > investigation.
An incident report has been posted here: https://bugzilla.mozilla.org/show_bug.cgi?id=1611241 _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
