by twiss
1250 days ago
Sectigo might be required to revoke them, then? There doesn't seem to be a requirement for the compromise to be Sectigo's fault, according to my reading of the Baseline Requirements [1]:

> The CA SHOULD revoke a certificate within 24 hours and MUST revoke a Certificate within 5 days if one or more of the following occurs: (...)

> 16. The CA is made aware of a demonstrated or proven method that exposes the Subscriber’s Private Key to compromise or if there is clear evidence that the specific method used to generate the Private Key was flawed.

[1] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-...