Hi Han - the proper alias is rev...@digicert.com. The support alias will
sometimes handle these, but not always. We picked up the request from your
post here and are working on it.

Of course, this is out of scope of the Mozilla policy since it's code signing
only.

-----Original Message-----
From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On
Behalf Of Ryan Sleevi via dev-security-policy
Sent: Thursday, May 9, 2019 8:37 AM
To: Han Yuwei <hanyuwe...@gmail.com>
Cc: mozilla-dev-security-policy
<mozilla-dev-security-pol...@lists.mozilla.org>
Subject: Re: Reported Digicert key compromise but not revoked

On Thu, May 9, 2019 at 8:59 AM Han Yuwei via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> Hi m.d.s.p
> I reported a key compromise incident to DigiCert by contacting
> support(at)digicert.com on Apr. 13, 2019 and got a reply the same day.
> But it seems like this certificate is still valid.
> This certificate is a code signing certificate and is known for signing
> malware. So I am here to report this to DigiCert. If the private key is
> needed I will attach it.
>
> Certificate Info.
> CN:Beijing Founder Apabi Technology Limited
> SN: 06B7AA2C37C0876CCB0378D895D71041
> SHA1: 8564928AA4FBC4BBECF65B402503B2BE3DC60D4D
>

Typically, we have not dealt with issues related to code signing in this
forum - particularly the evaluation and enforcement of policies. For
example, the information provided doesn't allow us to distinguish whether
there is even a remote chance of overlap with the activity here (e.g. with
respect to audits and the CP/CPS).

Have you considered reporting this to Microsoft, as I presume that's the
platform concern?
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
