On Tuesday, 21 January 2020 14:07:49 UTC-5, Benjamin Seidenberg wrote: > > One - which appears to remain valid at time of writing - is an OV > > certificate for "routerlogin.com" and variants, which was issued to Netgear > > by Entrust, https://crt.sh/?id=1955992027 > > > > Based on this tweet > (https://twitter.com/FiloSottile/status/1219147543667453953?s=19) from > 2020-01-20 06:39 UTC, it appears that Entrust failed to revoke this within 24 > of hours of "receipt of the Certificate Problem Report", not revoking until > Jan 21 15:21:36 2020 GMT. > > Will Entrust be filing an incident report for this? > > (I also submitted a report separately, they revoked 7 minutes shy of 24 hours > after mine, shortly after this note to the list).
We will be posting an incident report shortly once we complete our investigation. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy