
Several of my customers were hit by this. What concerns me possibly even more is that GoDaddy, having revoked the certificates, then managed to "un-revoke" them on request with a grace period. This is unsettling; it's not how the CRL system is supposed to work!



That's... troubling. You should consider mentioning it on the mozilla.dev.security.policy thread:

https://groups.google.com/forum/#!topic/mozilla.dev.security...

EDIT: GoDaddy themselves say they will never do this:

https://www.godaddy.com/help/revoke-a-certificate-4747

"The process cannot be reversed."



The first part of the story definitely checks out.

https://crt.sh/?id=29236482 This certificate absolutely was revoked by GoDaddy.

However, that certificate is _still_ revoked right now. A _new_ certificate for the same names was issued on the 12th of January, presumably once the re-validation was completed. This isn't in violation of any policies. Sites on that new certificate such as https://royalduchy.co.uk/ do indeed work fine.

Can you update the Medium story to reflect this? I mean, not your feelings about GoDaddy, say whatever you feel, but the facts aren't as portrayed in that story so far as I am able to see.



