On Sun, 5 Aug 2018 15:23:42 -0500
Alex Cohn via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:

> The certificate [1] in the GitHub link you posted was issued by
> Comodo, not by GeoTrust. The two share a private key, though, so both
> the Comodo and GeoTrust certs should be considered compromised at
> this point. I've added the Comodo-issued cert to several CT logs for
> tracking, and I'm CCing ssl_ab...@comodoca.com for followup.

As of today this is still unrevoked:
https://crt.sh/?id=630835231&opt=ocsp

Given Comodo's abuse contact was CCed in this mail I assume they knew
about this since Sunday. Thus we're way past the 24 hour in which they
should revoke it.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to