I’m pretty sure EA revoked the cert.
> On Dec 25, 2017, at 9:23 AM, Hanno Böck <ha...@hboeck.de> wrote: > > On Mon, 25 Dec 2017 14:43:21 +0000 > Jeremy Rowley via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > >> Without the private key, im not sure how we're supposed to confirm >> key compromise. > > I've pinged a few people with the right skillset to try to extract the > key. But if there are people here who feel capable feel free. (I already > tried the "simple" means, e.g. grepping through files.) > > But one question: In the case of EA the cert got revoked and nobody > asked for the key as evidence. What happened there? Did EA ask for the > revocation? (I made them aware, but I have no knowledge of what happened > afterwards.) > > -- > Hanno Böck > https://clicktime.symantec.com/a/1/7E2647SolTSFOrmTr1pTA6SaNlzWBEeOvNPzQjcoj-Q=?d=umuIBG9-qCSr0Ylk6iYyIG3WeDTsVZikMcWOz_90PD3etIywoX7mdbgM5-o7RmsLsolZOKJ5Yd7icx5CeHssMAD1UiN3APXXUDDjiwPDtMurIvGC1HUEmDwsAqBNjurJb-MIs_jopfZdcgY8mxha-DU3cggVxUKUpNesVOFzY4crbfh1T7v41ePXIqcjijQ5aiIrkZW7KPQhtK0KI34OyF_MPpj2n6Qwe3uXjjiKkflcD6tc0TslmbWo45ySkZr4IN9bmDJwyvSkZBodxAx7nt14NKzoWv2Mva865UkPqyNQF_sU7EOLF98PY4vHaeQFD-z9YZXHQxZjsTCqILJKF6XLJBIUOlZRa_LrXPQ8DxHY7YqNM4c8olIBYR8DWed9-LY-7juzWP3pT-3XoQanCUnEbUsgq1BNL8yQ_OU%3D&u=https%3A%2F%2Fhboeck.de%2F > > mail/jabber: ha...@hboeck.de > GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
