Re: Digicert: failure to revoke certificate with previously compromised key

2020-03-23 Thread Matt Palmer via dev-security-policy
On Mon, Mar 23, 2020 at 06:15:00PM +, Jeremy Rowley wrote:
> There are two things worth discussing in general:
>
> 1. I’m very interested in seeing the Let’s Encrypt response to this issue
> since the biggest obstacle in trying to find all of the keys with the same
> private key is the sheer

Re: Digicert: failure to revoke certificate with previously compromised key

2020-03-23 Thread Matt Palmer via dev-security-policy
On Mon, Mar 23, 2020 at 12:53:43PM -0400, Ryan Sleevi wrote:
> To make sure I understand the timeline correctly:
> 2020-03-20 02:05:49 UTC - Matt reports SPKI 4310b6bc0841efd7fcec6ba0ed1f36
> e7a28bf9a707ae7f7771e2cd4b6f31b5af, associated with
> https://crt.sh/?id=1760024320 , as compromised
>

Re: Digicert: failure to revoke certificate with previously compromised key

2020-03-23 Thread Matt Palmer via dev-security-policy
On Mon, Mar 23, 2020 at 03:01:34PM +, Jeremy Rowley wrote:
> Ryan's post was the part I thought was relevant, but I understood it
> differently. The cert was issued, but we should have now revoked it (24
> hours after receiving notice). I do see your interpretation though, and
> the language

RE: Digicert: failure to revoke certificate with previously compromised key

2020-03-23 Thread Jeremy Rowley via dev-security-policy
the disclosures need to be affiliated with actual certs. From: Ryan Sleevi Sent: Monday, March 23, 2020 10:54 AM To: Jeremy Rowley Cc: Matt Palmer ; Mozilla Subject: Re: Digicert: failure to revoke certificate with previously compromised key On Mon, Mar 23, 2020 at 11:01 AM Jeremy Rowley via dev

Re: Digicert: failure to revoke certificate with previously compromised key

2020-03-23 Thread Ryan Sleevi via dev-security-policy
On Mon, Mar 23, 2020 at 11:01 AM Jeremy Rowley via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> Hey Matt,
>
> Ryan's post was the part I thought was relevant, but I understood it
> differently. The cert was issued, but we should have now revoked it (24
> hours after

RE: Digicert: failure to revoke certificate with previously compromised key

2020-03-23 Thread Jeremy Rowley via dev-security-policy
s. When did we receive proof of key compromise? I'd say it's when all the CSRs finished downloading. If that's not the case, then you are encouraging CAs to be myopic in the way they accept key compromise information. Jeremy -Original Message- From: dev-security-policy On Behalf Of Matt P

Re: Digicert: failure to revoke certificate with previously compromised key

2020-03-23 Thread Matt Palmer via dev-security-policy
On Mon, Mar 23, 2020 at 06:14:29AM +, Jeremy Rowley wrote:
> That's not the visible consensus IMO. The visible consensus is we need to
> revoke a cert that is key compromised once we're informed the key is
> compromised for that cert
>

RE: Digicert: failure to revoke certificate with previously compromised key

2020-03-23 Thread Jeremy Rowley via dev-security-policy
: failure to revoke certificate with previously compromised key Certificate https://crt.sh/?id=2606438724, issued either at 2020-03-21 00:00:00 UTC (going by notBefore) or 2020-03-21 01:56:31 UTC (going by SCTs), is using a private key with SPKI

Digicert: failure to revoke certificate with previously compromised key

2020-03-21 Thread Matt Palmer via dev-security-policy
Certificate https://crt.sh/?id=2606438724, issued either at 2020-03-21 00:00:00 UTC (going by notBefore) or 2020-03-21 01:56:31 UTC (going by SCTs), is using a private key with SPKI 4310b6bc0841efd7fcec6ba0ed1f36e7a28bf9a707ae7f7771e2cd4b6f31b5af, which was reported to Digicert as compromised on