Acceptable forms of evidence for key compromise

2020-03-01 Thread Matt Palmer via dev-security-policy
The BRs, in s4.9.1.1, say:
> The CA SHALL revoke a Certificate within 24 hours if one or more of the
> following occurs:
>
> [...]
> 3. The CA obtains evidence that the Subscriber's Private Key
> corresponding to the Public Key in the Certificate suffered a Key
> Compromise

I've come to have some

Re: Acceptable forms of evidence for key compromise

2020-03-01 Thread Ryan Sleevi via dev-security-policy
On Sun, Mar 1, 2020 at 9:49 PM Matt Palmer via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> The BRs, in s4.9.1.1, say:
>
> > The CA SHALL revoke a Certificate within 24 hours if one or more of the
> > following occurs:
> >
> > [...]
> > 3. The CA obtains evidence that the

Re: Acceptable forms of evidence for key compromise

2020-03-01 Thread Matt Palmer via dev-security-policy
On Sun, Mar 01, 2020 at 11:14:12PM -0500, Ryan Sleevi wrote:
> On Sun, Mar 1, 2020 at 9:49 PM Matt Palmer via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> > The BRs, in s4.9.1.1, say:
> >
> > > The CA SHALL revoke a Certificate within 24 hours if one or more of the
> > >

Sectigo: Failure to process revocation request within 24 hours

2020-03-01 Thread Matt Palmer via dev-security-policy
Between 26 Feb 2020 00:48:11 UTC and 26 Feb 2020 21:10:18 UTC, I sent three Certificate Problem Reports to sslab...@sectigo.com, reporting that certificates issued by them were using keys which have been compromised due to being publicly disclosed. As of the time of writing, I have not received a