Re: Paessler (was Re: Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours)

2020-03-22 Thread Matt Palmer via dev-security-policy
On Sun, Mar 22, 2020 at 07:47:49AM +0100, Hanno Böck via dev-security-policy wrote:
> FWIW: Given that with the private key it's easily possible to revoke
> certificates from Let's Encrypt I took the key yesterday and iterated
> over all of them and called the revoke command of certbot.

Yes, I

Re: Paessler (was Re: Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours)

2020-03-22 Thread Hanno Böck via dev-security-policy
On Sat, 21 Mar 2020 19:20:27 + Nick Lamb via dev-security-policy wrote:
> Rather than mint an RSA key pair and self-signed certificate to
> bootstrap each install, they just supply a (presumably randomly
> generated) key and certificate right in the install data.

FWIW: Given that with the

Re: Paessler (was Re: Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours)

2020-03-21 Thread Matt Palmer via dev-security-policy
On Sat, Mar 21, 2020 at 07:20:27PM +, Nick Lamb wrote:
> On Sat, 21 Mar 2020 13:40:21 +1100
> Matt Palmer via dev-security-policy
> wrote:
> > There's also this one, which is another reuse-after-revocation, but
> > the prior history of this key suggests that there's something *far*
> > more

Paessler (was Re: Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours)

2020-03-21 Thread Nick Lamb via dev-security-policy
On Sat, 21 Mar 2020 13:40:21 +1100 Matt Palmer via dev-security-policy wrote:
> Oh the facepalm, it burns (probably too much hand sanitizer)... let
> me try that again.

Use soap and water where practical. And, as the BBC Comedy TV show "That Mitchell & Webb Look" put it many years ago "Remain