Rob Stradling <[email protected]> wrote: >> 2. An attack where CA B (mistakenly) issues a certificate for corp.example, >> when it should have been CA A is called... ??? >> I know it as Comodo-Gate.
> (Your question almost identified an answer 😉 )
Almost, but not quite.
> CAA (RFC6844, obsoleted by RFC8659), which was one good thing that came
> out of the Comodo-gate incident, helps to defend against exactly this
> sort of attack. (From the Abstract: "CAA Resource Records allow a
> public CA to implement additional controls to reduce the risk of
> unintended certificate mis-issue").
Yes, so it defends against an attack that is never actually named.
At best, I guess this is a "mis-issue attack"
Thank you for the pointer though.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Uta mailing list -- [email protected] To unsubscribe send an email to [email protected]
