ity-policy
> Sent: Thursday, May 9, 2019 4:16 PM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: RE: Reported Digicert key compromise but not revoked
>
> I personally do think that it matters to this forum. A CA - no matter what
> kind of certificates it issues
olicy On
Behalf Of Daniel Marschall via dev-security-policy
Sent: Thursday, May 9, 2019 4:16 PM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: RE: Reported Digicert key compromise but not revoked
I personally do think that it matters to this forum. A CA - no matter what
kind of certificat
Thanks Wayne. We’ll update our CPS to keep it clear.
From: Wayne Thayer
Sent: Thursday, May 9, 2019 5:04 PM
To: Andrew Ayer
Cc: Jeremy Rowley ; Jeremy Rowley via
dev-security-policy
Subject: Re: Reported Digicert key compromise but not revoked
DigiCert CPS section 1.5.2 [1] could also
DigiCert CPS section 1.5.2 [1] could also more clearly state that
rev...@digicert.com is the correct address for 'reporting suspected Private
Key Compromise, Certificate misuse, or other types of fraud, compromise,
misuse, inappropriate conduct, or any other matter related to
Certificates.' Since b
Thanks Andrew. Yes - it should be rev...@digicert.com
-Original Message-
From: Andrew Ayer
Sent: Thursday, May 9, 2019 4:46 PM
To: Jeremy Rowley
Cc: Jeremy Rowley via dev-security-policy
Subject: Re: Reported Digicert key compromise but not revoked
On Thu, 9 May 2019 14:47:05 +
On Thu, 9 May 2019 14:47:05 +
Jeremy Rowley via dev-security-policy
wrote:
> Hi Han - the proper alias is rev...@digicert.com. The support alias
> will sometimes handle these, but not always.
Is that also true of SSL certificates? supp...@digicert.com is listed
first at
https://ccadb-public
I personally do think that it matters to this forum. A CA - no matter what kind
of certificates it issues - must take revocation requests seriously and act
immediately, even if the email is sent to the wrong address. If an employee at
the help desk is unable to forward revocation requests, or ne
: dev-security-policy On
Behalf Of Ryan Sleevi via dev-security-policy
Sent: Thursday, May 9, 2019 8:37 AM
To: Han Yuwei
Cc: mozilla-dev-security-policy
Subject: Re: Reported Digicert key compromise but not revoked
On Thu, May 9, 2019 at 8:59 AM Han Yuwei via dev-security-policy <
dev-secur
On Thu, May 9, 2019 at 8:59 AM Han Yuwei via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hi m.d.s.p
> I have reported a key compromise incident to digicert by contacting
> support(at)digicert.com at Apr.13, 2019 and get replied at same day. But
> it seems like this certif
Hi m.d.s.p
I have reported a key compromise incident to digicert by contacting
support(at)digicert.com at Apr.13, 2019 and get replied at same day. But it
seems like this certificate is still valid.
This certificate is a code signing certificate and known for signing malware.
So I am here to rep
10 matches
Mail list logo