[SSL Observatory] Has Law Enforcement ever forced a revocation of a SSL Certificate?

[Tom Ritter]

Hello all,

I was perusing the draft Baseline Requirements from the CA/Browser
Forum, and ran across this mention:

> The CA MUST begin investigation of a Certificate Problem Report within twenty-four hours of receipt, and
> decide whether revocation or other appropriate action is warranted based on at least the following criteria:
> ...
> The type of the complainants (for example, a complaint from a law enforcement official that a Web site is
> engaged in illegal activities should carry more weight than a complaint from a consumer alleging that
> she didn't receive the goods she ordered)

As we all know, any notions of "illegal activities" get tricky when
we're dealing internationally.  And with the US DOJ seizing domains
names, including one previously proven in court to be be legal[1]... I
was wondering if anyone was aware of any government compelling,
pressuring, or asking a CA to revoke a certificate it had issued?
Possible involving the CA being in a different jurisdiction from the
offending subject.  They've revoked universally-considered 'bad'
certificates before[2], but what about non-universally-considered?

-tom

[1] http://www.techdirt.com/articles/20110201/10252412910/homeland-security-seizes-spanish-domain-name-that-had-already-been-declared-legal.shtml
[2] http://nakedsecurity.sophos.com/2010/09/13/certificate-verisign-revokes-cert-malware-fiends/