That's not the visible consensus IMO. The visible consensus is we need to
revoke a cert that is key compromised once we're informed the key is
compromised for that cert
(https://groups.google.com/forum/m/#!topic/mozilla.dev.security.policy/1ftkqbsnEU4).
The certificate you mentioned was issued
On Mon, Mar 23, 2020 at 02:02:18AM +, Stephen Davidson via
dev-security-policy wrote:
> Summary: The certificates noted in Matt Palmer's email below were not in
> his original problem report to QuoVadis.
While this may be true in an extremely narrow and literal sense, I don't
believe this is
Hello:
(Apologies if multiple copies of this are received. The initial send was
bounced by mdsp.)
Summary: The certificates noted in Matt Palmer's email below were not in his
original problem report to QuoVadis. The certificates he reported were revoked
in a time manner, and we acknowledged
On Sun, Mar 22, 2020 at 07:47:49AM +0100, Hanno Böck via dev-security-policy
wrote:
> FWIW: Given that with the private key it's easily possible to revoke
> certificates from Let's Encrypt I took the key yesterday and iterated
> over all of them and called the revoke command of certbot.
Yes, I pl
4 matches
Mail list logo