On Tue, Nov 23, 2021 at 7:22 AM Hanno Böck <ha...@hboeck.de> wrote: > > On Tue, 23 Nov 2021 13:21:20 +0100 > Hanno Böck <ha...@hboeck.de> wrote: > > > And I just happened to notice that the webpage of the CA/Browser Forum > > has a revoked certificate > > Sorry I hit on send too early. > I found that the cabforum.org web page has a revoked certificate issued > by Go Daddy. So it seems they did revoke certificates *before* actually > issuing and installing new ones. (Which is an issue for their > customers, but it appears they were in line with the baseline > requirements).
Further weirdness: the cert currently used by cabforum.org (https://crt.sh/?sha256= d5aa2ab2b13bcc157931cf5a779bdad694c4a9e26b35f02d2699191d153d8e3c) was revoked today with reason keyCompromise but was also only issued 2021-11-20, which is three days after GoDaddy discovered the unauthorized access (https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm). The previous cert for cabforum.org (https://crt.sh/?sha256=2eaf96b667ce8d42c4618b6766361179cf31a464a63832d82d19da8ea819d22c) was revoked 2021-11-20. Did GoDaddy start to reissue certs and then discover they hadn't fully closed attackers' access to their systems? Alex -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-policy+unsubscr...@mozilla.org. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAN3-_m6xyS7XqCHz65DtV4%3D%2BjaEoORFMGBjwVsvMuJ9ZRe0eAw%40mail.gmail.com.