On Thu, May 9, 2019 at 8:59 AM Han Yuwei via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> Hi m.d.s.p
> I reported a key compromise incident to DigiCert by contacting
> support(at)digicert.com on Apr. 13, 2019 and got a reply the same day. But
> it seems this certificate is still valid.
> This certificate is a code signing certificate and is known for signing
> malware. So I am here to report this to DigiCert. If the private key is
> needed, I will attach it.
>
> Certificate Info.
> CN:Beijing Founder Apabi Technology Limited
> SN: 06B7AA2C37C0876CCB0378D895D71041
> SHA1: 8564928AA4FBC4BBECF65B402503B2BE3DC60D4D
>

Typically, we have not dealt with issues related to code signing in this
forum - particularly the evaluation and enforcement of policies. For
example, the information provided doesn't allow us to distinguish whether
there is even a remote chance of overlap with the activity here (e.g. with
respect to audits and the CP/CPS).

Have you considered reporting this to Microsoft, as I presume that's the
platform concern?
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
