Yeah - still trying to get that info. I'll update this list right when I know what's been done. I'm not 100% sure at this point, but I wanted to post early and update than wait until I know everything. Sorry - should have specified that in the original email.
-----Original Message----- From: Kurt Roeckx [mailto:k...@roeckx.be] Sent: Tuesday, November 7, 2017 11:38 AM To: Jeremy Rowley <jeremy.row...@digicert.com> Cc: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: DigiCert ROCA fingerprint incident report Hi, What I miss is what has been done to prevent new ones from being issued. Kurt On Tue, Nov 07, 2017 at 06:20:53PM +0000, Jeremy Rowley via dev-security-policy wrote: > Hey everyone, > > > > Here's the DigiCert incident report about the ROCA fingerprints. Note > that these were all issued by Symantec (ie, before the transaction closed). > > > > We became aware of the issue when it was posted to the mailing list. > However, at that time, the certs were not operated by DigiCert. We > became aware that DigiCert needed to take action on close (Nov 1). At > that time, the new combined team launched an investigation to > determine the impacted certs. Six certs were identified and revoked: > > > > > 4a907fbfc90eb043c50c9c8ace6305a1 > > > 8008c178d0d4cd3d79acc09f6ac132c > > > 2dab9a2d40a2f55c5d705551cf7cafe5 > > > 306b67f5c25ee0fd495d2be88979eb72 > > > 7c7b826b183093ba1e5b9850ac31d806 > > > 4c834767e44ecbd0cdef8e60c04dcf32 > > > > These certs were all revoked around Nov 3, within 24 hours of > identifying the impacted certs at DigiCert. > > > > Jeremy > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://clicktime.symantec.com/a/1/ac3GKpOQNNTUgvdrINCg5TSocQpoIoCYQJm > i6wdzR6s=?d=x6aCRo4VfXwciHJ72iOM_J1K3cmxLlV0aGOHiskoYAX0y17Wq9rBdSq-bg > 4GrKAujQl5VZlxkGBYh01ZXYr8EygG-dNtE90f1YxT_GtuW58TCPLm7Mzjb03dlIVjjY5- > Rjwup4G6ykol-8HJAhLROxtb1Gda2q-q68_5E0-B8lD0Vce3ByqdfnbDVs8EMtgtnbEqDO > 6mDPSrslcUjJVelIOpVaxXMdNiBwpMKzmrMdj_V1r1S7QZYgVhUMqQIdLCSpsF3J_80G4P > 0pGEj80fNBSwYUExVrYXgahNhnXwZBZ2uStpa7rDf1Za_6AmZUyOBJKYnpBkOQOvL_7APz > 7ZWMYjlryr5kvZwlfwT2ceDE2ZfuZyVEaDmygE8KnF&u=https%3A%2F%2Flists.mozil > la.org%2Flistinfo%2Fdev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy