Hi, According to this https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm there was a security incident at Godaddy. Among other things it lists this: "•For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers."
This seems relevant for the TLS community and is a bit unclear. According to the Baseline Requirements CAs are required to revoke certificates when they become aware of compromised keys within 24 hours. However this statement only mentions that they're issuing and installing new certificates (which from a risk point of view is irrelevant) and says nothing about revocation. -- Hanno Böck https://hboeck.de/ -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20211123130833.591f7e50%40computer.
