Re: QuoVadis: Failure to revoke key-compromised certificates within 24 hours

On Mon, Mar 23, 2020 at 02:02:18AM +, Stephen Davidson via dev-security-policy wrote: > Summary: The certificates noted in Matt Palmer's email below were not in > his original problem report to QuoVadis. While this may be true in an extremely narrow and literal sense, I don't believe this

RE: QuoVadis: Failure to revoke key-compromised certificates within 24 hours

Hello: (Apologies if multiple copies of this are received. The initial send was bounced by mdsp.) Summary: The certificates noted in Matt Palmer's email below were not in his original problem report to QuoVadis. The certificates he reported were revoked in a time manner, and we acknowledged

Re: Paessler (was Re: Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours)

On Sun, Mar 22, 2020 at 07:47:49AM +0100, Hanno Böck via dev-security-policy wrote: > FWIW: Given that with the private key it's easily possible to revoke > certificates from Let's Encrypt I took the key yesterday and iterated > over all of them and called the revoke command of certbot. Yes, I

Re: Paessler (was Re: Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours)

On Sat, 21 Mar 2020 19:20:27 + Nick Lamb via dev-security-policy wrote: > Rather than mint an RSA key pair and self-signed certificate to > bootstrap each install, they just supply a (presumably randomly > generated) key and certificate right in the install data. FWIW: Given that with the