undefined | Better HN

0 pointsprogbits11mo ago0 comments

Unclear who revoked that but I think it likely was the reporter who discovered the bug. They only needed it issued & logged as evidence, and would be good practice to revoke immediately.

0 comments

mcpherrinm11mo ago

The certificate remained unrevoked in OCSP until after SSL.com acknowledged the issue, so I don’t think the reporter was the one who had it revoked.

It is also possible I was being served a stale/cached OCSP response.

j / k navigate · click thread line to collapse

0 pointsprogbits11mo ago0 comments

Unclear who revoked that but I think it likely was the reporter who discovered the bug. They only needed it issued & logged as evidence, and would be good practice to revoke immediately.

0 comments

mcpherrinm11mo ago

The certificate remained unrevoked in OCSP until after SSL.com acknowledged the issue, so I don’t think the reporter was the one who had it revoked.

It is also possible I was being served a stale/cached OCSP response.

j / k navigate · click thread line to collapse