On Sun, Nov 10, 2024 at 06:19:50PM -0500, Amir Omidi wrote:
> Trying to understand why signing with these keys is considered full
> disclosure?
It's not. That's why Pwnedkeys provides a signed-by-the-key attestation of compromise. Full disclosure would be keeping the actual private keys online in a central database, which is what is required to use the ACME revokeCert endpoint.

- Matt
