

Despite heartbleed: Certification revocation refused - mrsaint
https://www.zeitgeist.se/2014/04/12/despite-heartbleed-certification-revocation-refused/

======
mrsaint
To reissue a cert without revoking the previous one is like a half-baked cake.
Actually, more like a cake that was never placed in the oven - a complete mess
of runny eggs with dry flour and inedible. As long as they don't revoke the
cert, the attacker could still use it along with its private key (which they
potentially stole from you) to do an MITM attack.

It doesn't make sense.

What if a party is harmed by the compromised certificate? Legally whose fault
is it if the CA replaced the compromised certificate but failed to revoke it
as well?

------
claudius
This looks like an excellent opportunity to weed out bad CAs and drop them
from the trust stores. :)

