Thank you to everyone who has been looking into the .tg Registry problem
and providing valuable information. I greatly appreciate all of your
efforts!
I have updated the related action item in the November CA Communication
to reflect the dates that we believe the .tg Registry was having
problems with NS Records.
~~
ACTION 8: Check for issuance of certificates containing .tg domains from
October 25 to November 11, 2017.
We believe that the .tg Registry was compromised from October 25 to
November 10, 2017, such that a perpetrator set the Name Server (NS)
Records for some domains to name servers controlled by them, and then
successfully obtained certificates for those domains.
Please check the certificates containing .tg domains that chain up to
your root certificates included in Mozilla's program to ensure that the
certificate subscriber actually owns the domains included in their
certificate.
Response Options:
- There are no certificates containing .tg domains that chain up to our
root certificates included in Mozilla's program.
- There are certificates containing .tg domains that chain up to our
root certificates included in Mozilla's program, but there were no new
validations on .tg domains from October 25 to November 11, 2017.
- There are certificates containing .tg domains that chain up to our
root certificates included in Mozilla's program, and we have re-verified
the certificates that were issued for .tg domains from October 25 to
November 11, 2017, and no problems were found.
- We have revoked certificates containing .tg domains that were issued
between October 25 and November 11, 2017, and have sent information
about these revoked certificates to Mozilla.
- Other - explain
~~
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
