Y
Hacker News
new
|
ask
|
show
|
jobs
by
thayne
422 days ago
Have they started revoking invalid certs?
1 comments
voxic11
422 days ago
You can see the cert was revoked here
https://crt.sh/?id=17926238129
link
progbits
422 days ago
Unclear who revoked that but I think it likely was the reporter who discovered the bug. They only needed it issued & logged as evidence, and would be good practice to revoke immediately.
link
mcpherrinm
421 days ago
The certificate remained unrevoked in OCSP until after SSL.com acknowledged the issue, so I don’t think the reporter was the one who had it revoked.
It is also possible I was being served a stale/cached OCSP response.
link