Let's Encrypt has now received confirmation from CAFE Informatique & Télécom (.tg operators) that the .tg registry was compromised around Nov 1, 2017. Apparently a vulnerability in some front-end software ultimately allowed attackers to access and manipulate the registry database. CAFE Informatique & Télécom believes they have resolved the issues and stated that they are taking steps to further secure their infrastructure.
Let's Encrypt will resume issuance to .tg domains today, with additional monitoring of .tg domain issuance in place for a period of time in order to be confident that the fixes to .tg systems are effective. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy