Remix clone Hacker News

new | show | ask | jobs Github

▲

thayne 3 days ago

Have they started revoking invalid certs?

▲

voxic11 3 days ago | parent [-]

You can see the cert was revoked here https://crt.sh/?id=17926238129

▲

progbits 3 days ago | parent [-]

Unclear who revoked that but I think it likely was the reporter who discovered the bug. They only needed it issued & logged as evidence, and would be good practice to revoke immediately.

	▲	mcpherrinm 3 days ago \| parent [-]
		The certificate remained unrevoked in OCSP until after SSL.com acknowledged the issue, so I don’t think the reporter was the one who had it revoked. It is also possible I was being served a stale/cached OCSP response.