Re: Whoa, more fake web SSL certificates

---

• From: Gordon Burditt <gordon@xxxxxxxxxxxxxxxxx>
• Date: Thu, 24 Mar 2011 12:58:38 -0500

---

Somebody hacked a Comodo RA to get Comodo to issue SSL certs with
google.com, yahoo.com, skype.com, and addons.mozilla.org. Yow.

http://threatpost.com/en_us/blogs/phony-web-certificates-issued-google-yahoo-skype-others-032311

Ok, so why has not the parent CA of Comodo revoked Comodo's certificate
yet, on confirmation that it issued an invalid cert? (This should
be done before it is determined *what* invalid certs were issued
or whether or not it has a complete list of them).

It (the parent) could re-issue a new cert if it's laster determined
that Comodo is not outrageously insecure (requiring that Comodo
re-issue all of its certs).

.

---

• References:
  • A Souvenir of Cryptography.
    • From: adacrypt
  • Re: A Souvenir of Cryptography.
    • From: David Eather
  • Re: A Souvenir of Cryptography.
    • From: Bruce Stephens
  • Whoa, more fake web SSL certificates
    • From: Paul Rubin

• Prev by Date: Re: Break in at RSA
• Next by Date: Re: hash function Shahaha
• Previous by thread: Re: Whoa, more fake web SSL certificates
• Next by thread: Re: A Souvenir of Cryptography.
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > sci.crypt  > 2011-03