On Mon, 25 Dec 2017 14:43:21 +0000 Jeremy Rowley via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> Without the private key, im not sure how we're supposed to confirm > key compromise. I've pinged a few people with the right skillset to try to extract the key. But if there are people here who feel capable feel free. (I already tried the "simple" means, e.g. grepping through files.) But one question: In the case of EA the cert got revoked and nobody asked for the key as evidence. What happened there? Did EA ask for the revocation? (I made them aware, but I have no knowledge of what happened afterwards.) -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy