Thanks for the clarification, Phillip.

m

On Mar 24, 2011, at 10:06 AM, Phillip Hallam-Baker wrote:

> No login servers were affected.
>
> Several domains on which the servers are deployed were affected but not the
> login servers.
>
> On Thu, Mar 24, 2011 at 12:48 PM, Mike Hanson <[email protected]> wrote:
> Comodo has posted a detailed incident report here:
> http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
>
> Several login servers were affected.
>
> -MH
>
> On Mar 24, 2011, at 7:09 AM, John Bradley wrote:
>
> > http://threatpost.com/en_us/blogs/phony-ssl-certificates-issued-google-yahoo-skype-others-032311?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular
> >
> > The browser vendors blocking those certificates is nice, however there are
> > attacks on RP that could be done with those certificates that are still
> > open.
> >
> > In testing something like 0% of RP check OCSP or CRL, the libs don't force
> > openSSL to do those checks (I think DNOA will do them in FICAM mode)
> >
> > So perhaps encouraging people to perform those checks would be a good idea.
> >
> > We can only hope that none of the 9 certificates cover openID OP, otherwise
> > user accounts at RP could theoretically be compromised.
> >
> > John B.
>
> --
> Website: http://hallambaker.com/

_______________________________________________
security mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-security
