>From what I've read, it appears the situation here is that Trustico wanted to >revoke all their customer certs from Digicert so they could do a mass >migration to another CA (which is not a proper reason to revoke). When asked >for proof by Digicert that the certificates were compromised and needed to be >revoked, Trustico sent Digicert 23,000(!) private keys that *they had stored* >due to the fact that they were generated by their web-based system in order to >effectively *make them* compromised.
Am I missing anything? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy