RE: Digicert: failure to revoke certificate with previously compromised key

2020-03-22 Thread Jeremy Rowley via dev-security-policy
That's not the visible consensus IMO. The visible consensus is we need to revoke a cert that is key compromised once we're informed the key is compromised for that cert (https://groups.google.com/forum/m/#!topic/mozilla.dev.security.policy/1ftkqbsnEU4). The certificate you mentioned was issued

Re: QuoVadis: Failure to revoke key-compromised certificates within 24 hours

2020-03-22 Thread Matt Palmer via dev-security-policy
On Mon, Mar 23, 2020 at 02:02:18AM +, Stephen Davidson via dev-security-policy wrote: > Summary: The certificates noted in Matt Palmer's email below were not in > his original problem report to QuoVadis. While this may be true in an extremely narrow and literal sense, I don't believe this is

RE: QuoVadis: Failure to revoke key-compromised certificates within 24 hours

2020-03-22 Thread Stephen Davidson via dev-security-policy
Hello: (Apologies if multiple copies of this are received. The initial send was bounced by mdsp.) Summary: The certificates noted in Matt Palmer's email below were not in his original problem report to QuoVadis. The certificates he reported were revoked in a timely manner, and we acknowledged

Re: Paessler (was Re: Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours)

2020-03-22 Thread Matt Palmer via dev-security-policy
On Sun, Mar 22, 2020 at 07:47:49AM +0100, Hanno Böck via dev-security-policy wrote: > FWIW: Given that with the private key it's easily possible to revoke > certificates from Let's Encrypt I took the key yesterday and iterated > over all of them and called the revoke command of certbot. Yes, I pl