Re: GoDaddy: Failure to revoke key-compromised certificate within 24 hours

2020-03-12 Thread Joanna Fox via dev-security-policy
Matt, Our investigation reopened at March 9, 9:36 AM based on the information you provided in this forum. We were able to research and run appropriate testing which led to evidence of key compromise being determined March 9, 10:24 AM. We continued our diligence in accordance with the Baseline

Re: GoDaddy: Failure to revoke key-compromised certificate within 24 hours

2020-03-09 Thread Joanna Fox via dev-security-policy
Matt, Thank you for sharing your experience with our problem reporting mechanism on this forum. It is due to this that we were able to get to the root of the issue. Here is some detail into what we saw. Yesterday, we launched an investigation which included various members of the team

Re: GoDaddy Underscore Revocation Disclosure

2019-02-08 Thread Joanna Fox via dev-security-policy
I agree on the surface this bug appears to be the same, but the root cause is different. The issue for bug 1462844 was a specific status not counting as active when it was. To mitigate this issue, we updated the query to include the missing status. However, we are in the process of

GoDaddy Underscore Revocation Disclosure

2019-02-08 Thread Joanna Fox via dev-security-policy
GoDaddy received a certificate problem report on 1/29/2019 for 2 unrevoked unexpired certificates that have underscores in the DNS name that did not meet the January 15th deadline for revocation. The certificates reported are as follows: https://crt.sh/?opt=zlint=626981823

Re: What does "No Stipulation" mean, and when is it OK to use it in CP/CPS?

2018-10-25 Thread Joanna Fox via dev-security-policy
Questions about blank sections, thinking of a potential future requirement. Sections such as 1.INTRODUCTION would remain blank as they are more titles than components, correct? If no sections are allowed to be blank does this include both levels of components such as 1.4 and 1.4.1? Also,

Re: What does "No Stipulation" mean, and when is it OK to use it in CP/CPS?

2018-10-19 Thread Joanna Fox via dev-security-policy
On Thursday, October 18, 2018 at 5:47:14 PM UTC-7, Jakob Bohm wrote: > On 15/10/2018 20:01, Kathleen Wilson wrote: > > I have added the following section to the Required Practices wiki page: > > > >

Re: What does "No Stipulation" mean, and when is it OK to use it in CP/CPS?

2018-10-18 Thread Joanna Fox via dev-security-policy
On Monday, October 15, 2018 at 11:23:05 AM UTC-7, Kathleen Wilson wrote: > On 10/15/18 11:01 AM, Kathleen Wilson wrote: > > I have added the following section to the Required Practices wiki page: > > > >

Re: GoDaddy Revocations Due to a Variety of Issues

2018-07-25 Thread Joanna Fox via dev-security-policy
On Friday, July 20, 2018 at 9:39:04 PM UTC-7, Peter Bowen wrote: > On Fri, Jul 20, 2018 at 6:39 PM Daymion Reynolds via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > The certificates were identified by analyzing results from both zlint and > > certlint. We also

Re: Namecheap refused to revoke certificate despite domain owner changed

2018-06-01 Thread Joanna Fox via dev-security-policy
In light of the limited visibility of WHOIS, Wayne's suggestion of "... allow anyone to revoke by proving that they control the domain name using one of the BR 3.2.2.4 methods" is preferable as it is a bit more encompassing rather than restricting to the same validation process. This also