On Tue, May 19, 2020 at 07:33:00PM -0700, sandybar497--- via dev-security-policy wrote: > Here are the original headers (omitting my email) > > *** > > MIME-Version: 1.0 > Date: Thu, 7 May 2020 12:07:07 +0000 > Message-ID: > <CANb+OL=25wrEtLMXSgEbv=6eudrhgdugr+fyg5agsugej6o...@mail.gmail.com> > Subject: Certificate Problem Report - compromised key > From: sandy <sandy...@gmail.com> [...] > https://crt.sh/?spkisha256=e92984ace6f80c75b092df972962f2d3f1365ba08c8bbf9b98cdf3aec20d2d2d
crt.sh sez: Revoked (cessationOfOperation) 2020-05-08 16:55:17 UTC Got to say, that definitely does look like over 24 hours from e-mail to revocation. Unfortunately, because you're using gmail, it's tricky to be able to demonstrate when GoDaddy *actually* received the e-mail -- I don't know of a way to get at the MTA logs to show when it was delivered to the remote MTA. I'd be curious to hear from GoDaddy as to why the revocation reason here is marked as "cessationOfOperation", rather than "keyCompromise". That seems... fishy. > Content-Type: application/octet-stream; > name="e92984ace6f80c75b092df972962f2d3f1365ba08c8bbf9b98cdf3aec20d2d2d.pem" > Content-Disposition: attachment; > filename="e92984ace6f80c75b092df972962f2d3f1365ba08c8bbf9b98cdf3aec20d2d2d.pem" > Content-Transfer-Encoding: base64 > X-Attachment-Id: f_k9wq5sjj0 > Content-ID: <f_k9wq5sjj0> Somewhere along the line this got lost. It'd be good to have a copy of it, for completeness. Since it's in PEM format, you can include it in the body of an e-mail -- the Mozilla lists are a bit finicky with attachments. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy