> One - which appears to remain valid at time of writing - is an OV certificate > for "routerlogin.com" and variants, which was issued to Netgear by Entrust, > https://crt.sh/?id=1955992027 >
Based on this tweet (https://twitter.com/FiloSottile/status/1219147543667453953?s=19) from 2020-01-20 06:39 UTC, it appears that Entrust failed to revoke this within 24 of hours of "receipt of the Certificate Problem Report", not revoking until Jan 21 15:21:36 2020 GMT. Will Entrust be filing an incident report for this? (I also submitted a report separately, they revoked 7 minutes shy of 24 hours after mine, shortly after this note to the list). _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
