Hey everyone,
Here's the DigiCert incident report about the ROCA fingerprints. Note that these were all issued by Symantec (ie, before the transaction closed). We became aware of the issue when it was posted to the mailing list. However, at that time, the certs were not operated by DigiCert. We became aware that DigiCert needed to take action on close (Nov 1). At that time, the new combined team launched an investigation to determine the impacted certs. Six certs were identified and revoked: 4a907fbfc90eb043c50c9c8ace6305a1 8008c178d0d4cd3d79acc09f6ac132c 2dab9a2d40a2f55c5d705551cf7cafe5 306b67f5c25ee0fd495d2be88979eb72 7c7b826b183093ba1e5b9850ac31d806 4c834767e44ecbd0cdef8e60c04dcf32 These certs were all revoked around Nov 3, within 24 hours of identifying the impacted certs at DigiCert. Jeremy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
