DigiCert CPS section 1.5.2 [1] could also more clearly state that rev...@digicert.com is the correct address for 'reporting suspected Private Key Compromise, Certificate misuse, or other types of fraud, compromise, misuse, inappropriate conduct, or any other matter related to Certificates.' Since both email addresses are listed in that section, it's not difficult to mistake supp...@digicert.com as the problem reporting mechanism, even though the last sentence in 1.5.2.1 implies that rev...@digicert.com is for problem reporting.
- Wayne [1] https://www.digicert.com/wp-content/uploads/2019/04/DigiCert_CPS_v418.pdf On Thu, May 9, 2019 at 3:46 PM Andrew Ayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Thu, 9 May 2019 14:47:05 +0000 > Jeremy Rowley via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > > Hi Han - the proper alias is rev...@digicert.com. The support alias > > will sometimes handle these, but not always. > > Is that also true of SSL certificates? supp...@digicert.com is listed > first at > > https://ccadb-public.secure.force.com/mozilla/ProblemReportingMechanismsReport > > That should be fixed if supp...@digicert.com is not the right place to > report problems with SSL certificates. > > Regards, > Andrew > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy