I personally do think that it matters to this forum. A CA - no matter what kind of certificates it issues - must take revocation requests seriously and act immediately, even if the email is sent to the wrong address. If an employee at the help desk is unable to forward revocation requests, or needs several weeks to reply, then there is something not correct with the CA, no matter if the revocation request is related to a web certificate or code signing certificate. That's my opinion on this case. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
RE: Reported Digicert key compromise but not revoked
Daniel Marschall via dev-security-policy Thu, 09 May 2019 15:16:52 -0700
- Reported Digicert key compromise ... Han Yuwei via dev-security-policy
- Re: Reported Digicert key co... Ryan Sleevi via dev-security-policy
- RE: Reported Digicert ke... Jeremy Rowley via dev-security-policy
- RE: Reported Digicer... Daniel Marschall via dev-security-policy
- RE: Reported Dig... Jeremy Rowley via dev-security-policy
- Re: Reporte... Han Yuwei via dev-security-policy
- Re: Reported Digicer... Andrew Ayer via dev-security-policy
- RE: Reported Dig... Jeremy Rowley via dev-security-policy
- Re: Reported Dig... Wayne Thayer via dev-security-policy
- RE: Reporte... Jeremy Rowley via dev-security-policy