Thanks. We've revoked the cert and are looking into what happened and will post
more information as we figure out what happened.
-Original Message-
From: dev-security-policy On
Behalf Of Hanno Böck via dev-security-policy
Sent: Friday, August 17, 2018 7:16 PM
To:
Hi,
Some of you may remember the discussion about embedded private keys in
Blizzard's battle.net software here:
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/pk039T_wPrI/VYi629oGCwAJ
One of the certificates with a compromised key back then was issued by
Digicert:
Revoke Disclosure
GoDaddy has been proactively performing self-audits. As part of this process,
we identified a vulnerability in our code that would allow our validation
controls to be bypassed. This bug would allow for a Random Value that was
generated for intended use with Method 3.2.2.4.6
On Friday, August 17, 2018 at 2:01:55 AM UTC-5, Peter Gutmann wrote:
> That was actually debated by one country, that whenever anyone bought a domain
> they'd automatically get a certificate for it included. Makes perfect sense,
> owning the domain is a pretty good proof of ownership of the
On Thursday, August 16, 2018 at 6:18:47 PM UTC-5, Jakob Bohm wrote:
> The main cause of this seems to be that CT has allowed much more
> vigorous prosecution of even the smallest mistake. Your argument
> is a sensationalist attack on a thoroughly honest industry.
I certainly didn't mean it as
Matthew Hardeman via dev-security-policy
writes:
>What if the various user agents' root programs all lobbied ICANN to impose a
>new technical requirement upon TLD REGISTRY operators?
That was actually debated by one country, that whenever anyone bought a domain
they'd automatically get a