Re: Whoa, more fake web SSL certificates
- From: Gordon Burditt <gordon@xxxxxxxxxxxxxxxxx>
- Date: Thu, 24 Mar 2011 12:58:38 -0500
Somebody hacked a Comodo RA to get Comodo to issue SSL certs with
google.com, yahoo.com, skype.com, and addons.mozilla.org. Yow.
Ok, so why has not the parent CA of Comodo revoked Comodo's certificate
yet, on confirmation that it issued an invalid cert? (This should
be done before it is determined *what* invalid certs were issued
or whether or not it has a complete list of them).
It (the parent) could re-issue a new cert if it's laster determined
that Comodo is not outrageously insecure (requiring that Comodo
re-issue all of its certs).