Re: Namecheap refused to revoke certificate despite domain owner changed

2018-06-11 Thread Richard S. Leung via dev-security-policy
Official reply from Comodo: We do not normally intervene on behalf of our resellers, however we expedited this matter for you by revoking the certificate on June 4, 2018. Unfortunately, our ticketing system failed to deliver a templated Notification Of Revocation email to you on the same date.

Re: Namecheap refused to revoke certificate despite domain owner changed

2018-06-11 Thread Richard S. Leung via dev-security-policy
Howdy, An update to the situation. Mr. Rob Stradling replied to me on Twitter saying that the issue has been resolved last week. After checking with crt.sh, it does seem to be revoked on 2018-06-04 12:54:09 UTC, sadly, with no response from Comodo or Namecheap, so I did not know it happened.

Re: Namecheap refused to revoke certificate despite domain owner changed

2018-06-05 Thread Richard S. Leung via dev-security-policy
Howdy, Thank you all for the discussions around this topic, just a quick update on the situation. Following Jakob's advice, I have notified both Comodo and Namecheap that under BR, they needed to revoke that specific certificate I brought up. So far, Comodo's SSL Abuse Dept. (

Re: Namecheap refused to revoke certificate despite domain owner changed

2018-06-04 Thread Jakob Bohm via dev-security-policy
On 01/06/2018 21:01, Wayne Thayer wrote: On Fri, Jun 1, 2018 at 5:06 PM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: Please contact the CA again, and inform them that BR 4.9.1.1 #6 requires the CA (not some reseller) to revoke the certificate within 24

Re: Namecheap refused to revoke certificate despite domain owner changed

2018-06-04 Thread Jakob Bohm via dev-security-policy
On 01/06/2018 22:39, Joanna Fox wrote: In light of the limited visibility of WHOIS, Wayne's suggestion of "... allow anyone to revoke by proving that they control the domain name using one of the BR 3.2.2.4 methods" is preferable as it is a bit more encompassing rather than restricting to

RE: Namecheap refused to revoke certificate despite domain owner changed

2018-06-01 Thread Jeremy Rowley via dev-security-policy
June 1, 2018 5:17 PM To: Jeremy Rowley Cc: mozilla-dev-security-policy ; Jakob Bohm ; Wayne Thayer Subject: Re: Namecheap refused to revoke certificate despite domain owner changed On Fri, Jun 1, 2018 at 2:38 PM, Jeremy Rowley via dev-security-policy < dev-security-policy@lists.mozilla.org

RE: Namecheap refused to revoke certificate despite domain owner changed

2018-06-01 Thread Jeremy Rowley via dev-security-policy
the CA from supporting it. From: Ryan Sleevi Sent: Friday, June 1, 2018 4:08 PM To: Jeremy Rowley Cc: r...@sleevi.com; Wayne Thayer ; Jakob Bohm ; mozilla-dev-security-policy Subject: Re: Namecheap refused to revoke certificate despite domain owner changed Yes, as mentioned

Re: Namecheap refused to revoke certificate despite domain owner changed

2018-06-01 Thread Matthew Hardeman via dev-security-policy
On Fri, Jun 1, 2018 at 2:38 PM, Jeremy Rowley via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > This is one of the reasons I think we should require an OID specifying the > validation method be included in the cert. Then you can require the CA > support revocation using

Re: Namecheap refused to revoke certificate despite domain owner changed

2018-06-01 Thread Ryan Sleevi via dev-security-policy
.com>; mozilla-dev-security-policy < > mozilla-dev-security-pol...@lists.mozilla.org> > > *Subject:* Re: Namecheap refused to revoke certificate despite domain > owner changed > > > > You know I'm strongly supportive of requiring disclosure of validation > methods,

RE: Namecheap refused to revoke certificate despite domain owner changed

2018-06-01 Thread Jeremy Rowley via dev-security-policy
-security-policy Subject: Re: Namecheap refused to revoke certificate despite domain owner changed You know I'm strongly supportive of requiring disclosure of validation methods, for the many benefits it brings, I'm not sure how that would address the concern. Consider a certificate

Re: Namecheap refused to revoke certificate despite domain owner changed

2018-06-01 Thread Joanna Fox via dev-security-policy
In light of the limited visibility of WHOIS, Wayne's suggestion of "... allow anyone to revoke by proving that they control the domain name using one of the BR 3.2.2.4 methods" is preferable as it is a bit more encompassing rather than restricting to same validation process. This also

Re: Namecheap refused to revoke certificate despite domain owner changed

2018-06-01 Thread Ryan Sleevi via dev-security-policy
@lists.mozilla.org> On Behalf Of Wayne Thayer via > dev-security-policy > Sent: Friday, June 1, 2018 1:02 PM > To: Jakob Bohm > Cc: mozilla-dev-security-policy lists.mozilla.org> > Subject: Re: Namecheap refused to revoke certificate despite domain owner > changed >

RE: Namecheap refused to revoke certificate despite domain owner changed

2018-06-01 Thread Jeremy Rowley via dev-security-policy
refused to revoke certificate despite domain owner changed On Fri, Jun 1, 2018 at 5:06 PM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > Please contact the CA again, and inform them that BR 4.9.1.1 #6 > requires the CA (not some rese

Re: Namecheap refused to revoke certificate despite domain owner changed

2018-06-01 Thread Wayne Thayer via dev-security-policy
On Fri, Jun 1, 2018 at 5:06 PM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > Please contact the CA again, and inform them that BR 4.9.1.1 #6 requires > the CA (not some reseller) to revoke the certificate within 24 hours if: > > The CA is made aware of

Re: Namecheap refused to revoke certificate despite domain owner changed

2018-06-01 Thread Jakob Bohm via dev-security-policy
On 01/06/2018 06:22, Richard S. Leung wrote: I'm not sure if this is the appropriate place to post this topic, but I felt like this is important. I bought myself a new domain this month, and found out that there is a 3-year SSL certificate valid for my domain via crt.sh. Naturally I

Namecheap refused to revoke certificate despite domain owner changed

2018-06-01 Thread Richard S. Leung via dev-security-policy
I'm not sure if this is the appropriate place to post this topic, but I felt like this is important. I bought myself a new domain this month, and found out that there is a 3-year SSL certificate valid for my domain via crt.sh. Naturally I contacted Comodo SSL Abuse Dept. and got redirected to