Alex - thanks for the question. 

No, we can confirm that our systems are still secure and this revocation 
had nothing to do with unauthorized access to our systems.

We will provide additional details in our formal incident report at bug: 
https://bugzilla.mozilla.org/show_bug.cgi?id=1742657

Best,

Brittany Randall

On Tuesday, November 23, 2021 at 3:47:02 PM UTC-7 Alex Cohn wrote:

> On Tue, Nov 23, 2021 at 7:22 AM Hanno Böck <[email protected]> wrote:
> >
> > On Tue, 23 Nov 2021 13:21:20 +0100
> > Hanno Böck <[email protected]> wrote:
> >
> > > And I just happened to notice that the webpage of the CA/Browser Forum
> > > has a revoked certificate
> >
> > Sorry I hit on send too early.
> > I found that the cabforum.org web page has a revoked certificate issued
> > by Go Daddy. So it seems they did revoke certificates *before* actually
> > issuing and installing new ones. (Which is an issue for their
> > customers, but it appears they were in line with the baseline
> > requirements).
>
> Further weirdness: the cert currently used by cabforum.org
> (https://crt.sh/?sha256=d5aa2ab2b13bcc157931cf5a779bdad694c4a9e26b35f02d2699191d153d8e3c)
> was revoked today with reason keyCompromise but was also only issued
> 2021-11-20, which is three days after GoDaddy discovered the
> unauthorized access
> (https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm).
>
> The previous cert for cabforum.org
> (https://crt.sh/?sha256=2eaf96b667ce8d42c4618b6766361179cf31a464a63832d82d19da8ea819d22c)
> was revoked 2021-11-20.
>
> Did GoDaddy start to reissue certs and then discover they hadn't fully
> closed attackers' access to their systems?
>
> Alex
>
