Hacker News new | comments | show | ask | jobs | submit login

Several of my customers were hit by this. What concerns me possibly even more is that GoDaddy, having revoked the certificates, then managed to "un-revoke" them on request with a grace period. This is unsettling, it's not how the CRL system is supposed to work!

That's... troubling. You should consider mentioning it on the mozilla.dev.security.policy thread:


EDIT: GoDaddy themselves say they will never do this:


"The process cannot be reversed."

The first part of the story definitely checks out

https://crt.sh/?id=29236482 This certificate absolutely was revoked by GoDaddy

However, that certificate is _still_ revoked right now. A _new_ certificate for the same names was issued on the 12th of January, presumably once the re-validation was completed. This isn't in violation of any policies. Sites on that new certificate such as https://royalduchy.co.uk/ do indeed work fine.

Can you update the medium story to reflect this? I mean, not your feelings about GoDaddy, say whatever you feel, but the facts aren't as portrayed in that story so far as I am able to see.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact