Official reply from Comodo:
We do not normally intervene on behalf of our resellers, however we expedited
this matter for you by revoking the certificate on June 4, 2018. Unfortunately,
our ticketing system failed to deliver a templated Notification Of Revocation
email to you on the same date.
Howdy,
An update to the situation.
Mr. Rob Stradling replied me on Twitter saying that the issue has been resolved
last week. After checking with crt.sh, It does seems to be revoked on
2018-06-04 12:54:09 UTC, sadly, with no response from Comodo or Namecheap, so I
did not know it happended.
Howdy,
Thank you all for the discussions around this topic, just a quick update on the
situation.
Following Jakob's advice, I have notified both Comodo and Namecheap that under
BR, they needed to revoke that specific certificate I brought up.
So far, Comodo's SSL Abuse Dept. (
On 01/06/2018 21:01, Wayne Thayer wrote:
On Fri, Jun 1, 2018 at 5:06 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
Please contact the CA again, and inform them that BR 4.9.1.1 #6 requires
the CA (not some reseller) to revoke the certificate within 24
On 01/06/2018 22:39, Joanna Fox wrote:
In light of the limited visibility of WHOIS, Wayne's suggestion of "... allow anyone
to revoke by proving that they control the domain name using one of the BR 3.2.2.4
methods" is preferable as it is a bit more encompassing rather than restricting to
to
June 1, 2018 5:17 PM
To: Jeremy Rowley
Cc: mozilla-dev-security-policy
; Jakob Bohm
; Wayne Thayer
Subject: Re: Namecheap refused to revoke certificate despite domain owner
changed
On Fri, Jun 1, 2018 at 2:38 PM, Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org
the CA from supporting it.
From: Ryan Sleevi
Sent: Friday, June 1, 2018 4:08 PM
To: Jeremy Rowley
Cc: r...@sleevi.com; Wayne Thayer ; Jakob Bohm
; mozilla-dev-security-policy
Subject: Re: Namecheap refused to revoke certificate despite domain owner
changed
Yes, as mentioned
On Fri, Jun 1, 2018 at 2:38 PM, Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> This is one of the reasons I think we should require an OID specifying the
> validation method be included in the cert. Then you can require the CA
> support revocation using
.com>; mozilla-dev-security-policy <
> mozilla-dev-security-pol...@lists.mozilla.org>
>
> *Subject:* Re: Namecheap refused to revoke certificate despite domain
> owner changed
>
>
>
> You know I'm strongly supportive of requiring disclosure of validation
> methods,
-security-policy
Subject: Re: Namecheap refused to revoke certificate despite domain owner
changed
You know I'm strongly supportive of requiring disclosure of validation methods,
for the many benefits it brings, I'm not sure how that would address the
concern.
Consider a certificate
In light of the limited visibility of WHOIS, Wayne's suggestion of "... allow
anyone to revoke by proving that they control the domain name using one of the
BR 3.2.2.4 methods" is preferable as it is a bit more encompassing rather than
restricting to to same validation process. This also
@lists.mozilla.org> On Behalf Of Wayne Thayer via
> dev-security-policy
> Sent: Friday, June 1, 2018 1:02 PM
> To: Jakob Bohm
> Cc: mozilla-dev-security-policy lists.mozilla.org>
> Subject: Re: Namecheap refused to revoke certificate despite domain owner
> changed
>
refused to revoke certificate despite domain owner
changed
On Fri, Jun 1, 2018 at 5:06 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> Please contact the CA again, and inform them that BR 4.9.1.1 #6
> requires the CA (not some rese
On Fri, Jun 1, 2018 at 5:06 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> Please contact the CA again, and inform them that BR 4.9.1.1 #6 requires
> the CA (not some reseller) to revoke the certificate within 24 hours if:
>
> The CA is made aware of
On 01/06/2018 06:22, Richard S. Leung wrote:
I'm not sure if this is the appropriate place to post this topic, but I felt
like this is important.
I bought myself a new domain this month, and found out that there is a 3-year
SSL certificate valid for my domain via crt.sh.
Naturally I
I'm not sure if this is the appropriate place to post this topic, but I felt
like this is important.
I bought myself a new domain this month, and found out that there is a 3-year
SSL certificate valid for my domain via crt.sh.
Naturally I contacted Comodo SSL Abuse Dept. and got redirected to
16 matches
Mail list logo