Why couldn't I use the ACME account key to revoke a compromised certificate?
I thought the bug was allowing the use of proof of control of all SANs for revocation.
Admittedly, this wording in "Change in Revocation Methods Due to a (now patched) ACME bug" supports the confusion:
That statement makes no mention of the ACME account key at all. I think it should.
Exactly my concern. Of course, the ACME account key sitting on that server is likely compromised right along with the certificate private key.