A certificate with a publicly-disclosed private key was reported to
GlobalSign for revocation within the BR-mandated 24 hour period, however the
revocation took place over 46 hours after the report was sent. Several
requests for information I had already provided were made by GlobalSign,
however
Hi Joanna,
Thanks for responding. When can this list, or Bugzilla, expect GoDaddy's
incident report? Also, for the avoidance of further doubt, can you give an
exact timestamp at which GoDaddy considers that evidence of key compromise
was "obtained" for this certificate?
- Matt
On Mon, Mar 09,
On Mon, Mar 09, 2020 at 11:48:40AM -0700, Kathleen Wilson via
dev-security-policy wrote:
> ==Bad==
This is a *very* long list of bad things. Based on this list alone I think
it would be reasonable for Mozilla to reject this application. I'd like to
highlight the things that are practically
Matt,
Thank you for sharing your experience with our problem reporting mechanism on
this forum. It is due to this that we were able to get to the root of the
issue. Here is some detail into what we saw.
Yesterday, we launched an investigation which included various members of the
team
On Sun, 8 Mar 2020 10:57:49 +1100
Matt Palmer via dev-security-policy
wrote:
> > The fingerprint of the claimed Debian weak key was not included in
> > our database.
>
> I think it's worth determining exactly where SSL.com obtained their
> fingerprint database of weak keys. The private key in
This request is for inclusion of the Microsec e-Szigno Root CA 2017
trust anchor and to EV-enable the currently included Microsec e-Szigno
Root CA 2009 trust anchor as documented in the following bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1445364
BR Self Assessment is here:
On 07/03/2020 23:57, Matt Palmer via dev-security-policy wrote:
As further independent confirmation, the crt.sh page for the certificate
shows that crt.sh *also* identifies the certificate as having a Debian weak
key. My understanding is that crt.sh uses a database of keys that was