These two certificates:
https://crt.sh/?id=2602048478&opt=ocsp
https://crt.sh/?id=2601324532&opt=ocsp
Were issued by Let's Encrypt more than 24 hours ago, and remain unrevoked,
despite the revocation of the below two certificates, which use the same
private key, for keyCompromise prior to the above two certificates being
issued:
https://crt.sh/?id=2602048478&opt=ocsp
https://crt.sh/?id=2599226028&opt=ocsp
As per recent discussions here on m.d.s.p, I believe this is a breach of BR
s4.9.1.1.
- Matt
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
