Hello, I think I have asked two reasonable questions here. Can we get an answer?
On Tue, 4 Oct 2016 14:33:38 +0200 Hanno Böck <ha...@hboeck.de> wrote: > There seem to be more certificates of that kind that weren't mentioned > in the incident report. Here's a .re / www.re certificate (expired > 2015): > https://crt.sh/?id=4467456 > > Has comodo checked its systems for other certificates of that kind? > Can you provide a full list of all such certificates? > > > Also my understanding is that the error here was that control over the > www.[domain] subdomain would indicate control over [domain]. Does that > mean that this bug could've been used to also get wildcard > certificates in the form of *.[tld]? -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
pgpEhCBg0LpHm.pgp
Description: OpenPGP digital signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
