On Tue, Nov 07, 2017 at 06:20:53PM +0000, Jeremy Rowley via dev-security-policy wrote:
> Hey everyone,
>
>
>
> Here's the DigiCert incident report about the ROCA fingerprints. Note that
> these were all issued by Symantec (ie, before the transaction closed).
>
>
>
> We became aware of the issue when it was posted to the mailing list.
> However, at that time, the certs were not operated by DigiCert. We became
> aware that DigiCert needed to take action on close (Nov 1). At that time,
> the new combined team launched an investigation to determine the impacted
> certs. Six certs were identified and revoked:
>
>
>
>
> 4a907fbfc90eb043c50c9c8ace6305a1
>
>
> 8008c178d0d4cd3d79acc09f6ac132c
>
>
> 2dab9a2d40a2f55c5d705551cf7cafe5
>
>
> 306b67f5c25ee0fd495d2be88979eb72
>
>
> 7c7b826b183093ba1e5b9850ac31d806
>
>
> 4c834767e44ecbd0cdef8e60c04dcf32
>
>
>
> These certs were all revoked around Nov 3, within 24 hours of identifying
> the impacted certs at DigiCert.
>
>
>
> Jeremy
>
> _______________________________________________
> dev-security-policy mailing list
>
dev-secur...@lists.mozilla.org