On Wednesday, May 20, 2020 at 3:03:01 AM UTC+10, Ryan Sleevi wrote: > On Tue, May 19, 2020 at 12:38 PM sandybar497--- via > dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > > I actually submitted this post 6 days ago and was only just approved > > today.. is there a lack of resources approving blog posts? just don't see > > how it's helpful when posts show up so late. > > It looks like you may be posting through Google Groups, which can > cause moderation delays if you're not signed up through > https://lists.mozilla.org/listinfo/dev-security-policy (Groups is > largely Archives, with some mirroring for posting that can have > hiccups, as you can see) > > Certainly, you can always report issues through Bugzilla, as noted at > https://wiki.mozilla.org/CA/Incident_Dashboard , which doesn't have > the same moderation queue. > > > As noted, I sampled the OCSP responder well after 24 hours and the cert had > > not been revoked yet. I don't have a signed copy to share as i didn't save > > it but I don't think it's necessary since it still took GoDaddy over 24 > > hours to revoke. > > Not trying to suggest it's not the case, but these statements alone > aren't necessarily enough to demonstrate non-compliance. Signed > responses or other evidence are useful, especially when things are "on > the cusp" > > > If you compare report timestamp with ocsp timestamp the difference is > > approximately 28hrs and 48mins. > > Can you provide the original message with headers? Either to this or > as an attachment to Bugzilla?
Here are the original headers (omitting my email) *** MIME-Version: 1.0 Date: Thu, 7 May 2020 12:07:07 +0000 Message-ID: <CANb+OL=25wrEtLMXSgEbv=6eudrhgdugr+fyg5agsugej6o...@mail.gmail.com> Subject: Certificate Problem Report - compromised key From: sandy <sandy...@gmail.com> To: practi...@starfieldtech.com Content-Type: multipart/mixed; boundary="00000000000092dbd705a50db8c4" --00000000000092dbd705a50db8c4 Content-Type: multipart/alternative; boundary="00000000000092dbd505a50db8c2" --00000000000092dbd505a50db8c2 Content-Type: text/plain; charset="UTF-8" Hello, Request you revoke the all certificate associated with this compromised key. https://crt.sh/?spkisha256=e92984ace6f80c75b092df972962f2d3f1365ba08c8bbf9b98cdf3aec20d2d2d Attached is a valid CSR produced from the original key as evidence of compromise. The CSR is referenced with the spki sha256 fingerprint as the filename. Per cab-forum guidelines, the cert should be revoked within 24 hours. - Sandy --00000000000092dbd505a50db8c2 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">Hello,<br><br>Request you revoke the all certificate assoc= iated with this compromised=C2=A0key.=C2=A0=C2=A0<br><br><a href=3D"https:/= /crt.sh/?spkisha256=3De92984ace6f80c75b092df972962f2d3f1365ba08c8bbf9b98cdf= 3aec20d2d2d">https://crt.sh/?spkisha256=3De92984ace6f80c75b092df972962f2d3f= 1365ba08c8bbf9b98cdf3aec20d2d2d</a>=C2=A0=C2=A0<br><br>Attached is a valid = CSR produced from the original key as evidence of compromise. The CSR is re= ferenced with the spki sha256 fingerprint as the filename.<br><br>Per cab-f= orum guidelines, the cert should be revoked within 24 hours.<br><br>- Sandy= <br></div> --00000000000092dbd505a50db8c2-- --00000000000092dbd705a50db8c4 Content-Type: application/octet-stream; name="e92984ace6f80c75b092df972962f2d3f1365ba08c8bbf9b98cdf3aec20d2d2d.pem" Content-Disposition: attachment; filename="e92984ace6f80c75b092df972962f2d3f1365ba08c8bbf9b98cdf3aec20d2d2d.pem" Content-Transfer-Encoding: base64 X-Attachment-Id: f_k9wq5sjj0 Content-ID: <f_k9wq5sjj0> --00000000000092dbd705a50db8c4-- *** - sandy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy