On March 30, Apple submitted an update to the original incident report 
(https://bugzilla.mozilla.org/show_bug.cgi?id=1533655), which is reposted 

We've been working our plan to revoke impacted certificates. Thus far over 
500,000 certificates have been revoked since the issue was identified and 
54,853 remain (file attached with remaining certificates [in the Bugzilla 
post]). Our plan will result in all impacted certificates being revoked.

Our approach to resolving this incident has been to strike a balance between a 
compliance incident with low associated security risk and impact to critical 
services. We have established a timeline to address the remaining certificates 
that minimizes service impact and allows standard QA and change control 
processes to ensure uptime is not affected.

As part of the remediation plan, a number of certificates will be migrated to 
an internal, enterprise PKI, which will take more time.

Based on these factors, it is expected that most certificates will be revoked 
by April 30 with less than 2% extending until July 15.

Another update will be provided next week.
dev-security-policy mailing list
