subject:"Sectigo\: Failure to revoke certificate with previously\-compromised key within 24 hours"

Re: Sectigo: Failure to revoke certificate with previously-compromised key within 24 hours

2020-03-28 Thread Wayne Thayer via dev-security-policy

I've created a bug to track this issue: https://bugzilla.mozilla.org/show_bug.cgi?id=1625715 - Wayne On Thu, Mar 26, 2020 at 11:33 PM Matt Palmer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > At 2020-03-20 03:02:43 UTC, I sent a notification to sslab...@sectigo.com >

Sectigo: Failure to revoke certificate with previously-compromised key within 24 hours

2020-03-26 Thread Matt Palmer via dev-security-policy

At 2020-03-20 03:02:43 UTC, I sent a notification to sslab...@sectigo.com that certificate https://crt.sh/?id=1659219230 was using a private key with SPKI fingerprint 4c67cc2eb491585488bab29a89899e4e997648c7047c59e99a67c6123434f1eb, which was compromised due to being publicly disclosed. My e-mail