On 06/09/16 18:25, Kyle Hamilton wrote: > Aruba chose not to notify GeoTrust that it needed to be revoked due to > compromised private key. I am notifying because I believe it violates > the Basic Requirements for someone other than the identified subject to > possess the private key for a publicly-trusted certificate.
It does; have you notified GeoTrust using whatever mechanism they make available for such notifications? They are supposed to have one, according to the BRs. I'm not sure posting here would count. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy