To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Sectigo: Failure to revoke certificate with compromised key
>
> CAUTION: This email originated from outside of the organization. Do not click
> links or open attachments unless you recognize the sender and know the
&g
On Wednesday, May 6, 2020 at 5:50:09 AM UTC+10, Ryan Sleevi wrote:
> On Tue, May 5, 2020 at 12:35 PM sandybar497--- via dev-security-policy
> wrote:
> >
> > I submitted a compromised key report to Sectigo [ssl_ab...@sectigo.com] on
> > 1 May 2020 at 2:03pm UTC but Sectigo failed to revoke the cer
> > The necessary evidence was provided to Sectigo and they have thus far
> > failed to deal with the evidence or clearly articulate reasons for
> > concluding this case to not be a compromise.
>
> What I've found works best when reporting these cases to m.d.s.p is to
> provide all the (substantive
On Mon, May 04, 2020 at 08:45:34AM -0700, sandybar497--- via
dev-security-policy wrote:
> Additionally, Sectigo referred to pwnedkeys as
> some sort of authority that they say it’s not compromised.
Bless their little cotton socks, pwnedkeys is now such an authority that
Sectigo thinks I've got ev
On Tue, May 5, 2020 at 12:35 PM sandybar497--- via dev-security-policy
wrote:
>
> I submitted a compromised key report to Sectigo [ssl_ab...@sectigo.com] on 1
> May 2020 at 2:03pm UTC but Sectigo failed to revoke the certificate per
> cab-forum guidelines [4.9.1.1. Reasons for Revoking a Subscri
5 matches
Mail list logo