Educause Security Discussion mailing list archives
Re: Detecting Certificate Authority compromises and web browser collusion
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 25 Mar 2011 08:49:19 -0400
On Thu, 24 Mar 2011 23:21:46 CDT, Jesse Thompson said:
A short summary of the story: A Comodo reseller account was compromised and some certificates were issued that could be used to spoof high-value websites. Comodo has revoked the certificates and communicated details of the incident in a blog post (see below). Although, I do find it interesting that "Comodo has revoked the certificates" carries little weight if you follow the author's argument that the certificate revocation system is ineffective.
I heard mention that the fact that no requests for the CRL list had been received was used as an indication that the certificates had not been used. I won't name the offenders, so they get a freebie chance to walk that one back before anybody notices...