Re: [keyassure] Mis-issued certs for Google / Yahoo / Skype, etc.

Ondřej Surý <ondrej.sury@nic.cz> Thu, 31 March 2011 17:06 UTC

Return-Path: <ondrej.sury@nic.cz>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2A50E3A6A63 for <keyassure@core3.amsl.com>; Thu, 31 Mar 2011 10:06:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_23=0.6, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2mNQoQ94t72F for <keyassure@core3.amsl.com>; Thu, 31 Mar 2011 10:06:56 -0700 (PDT)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) by core3.amsl.com (Postfix) with ESMTP id 7875D3A6A33 for <keyassure@ietf.org>; Thu, 31 Mar 2011 10:06:56 -0700 (PDT)
Received: from [IPv6:2001:df8:0:96:221:6aff:fe5b:b80] (unknown [IPv6:2001:df8:0:96:221:6aff:fe5b:b80]) by mail.nic.cz (Postfix) with ESMTPSA id E014F2A29DA for <keyassure@ietf.org>; Thu, 31 Mar 2011 19:08:33 +0200 (CEST)
Message-ID: <4D94B511.3080803@nic.cz>
Date: Thu, 31 Mar 2011 19:08:33 +0200
From: =?UTF-8?B?T25kxZllaiBTdXLDvQ==?= <ondrej.sury@nic.cz>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.15) Gecko/20110307 Thunderbird/3.1.9
MIME-Version: 1.0
To: keyassure@ietf.org
References: <A353A62B-E386-44CF-A740-C49CCE9133B5@kumari.net>
In-Reply-To: <A353A62B-E386-44CF-A740-C49CCE9133B5@kumari.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.96.5 at mail
X-Virus-Status: Clean
Subject: Re: [keyassure] Mis-issued certs for Google / Yahoo / Skype, etc.
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Mar 2011 17:06:58 -0000

On 24.3.2011 09:17, Warren Kumari wrote:
> I'm assuming everyone has already seen this, but on the off-chance that you haven't:
>
> http://threatpost.com/en_us/blogs/phony-web-certificates-issued-google-yahoo-skype-others-032311#
>
> Being able to state "That ain't my cert" is one of the drivers for this work....

And there is a follow-up:

http://www.h-online.com/security/news/item/Comodo-two-more-resellers-were-compromised-1218517.html

O.
-- 
  Ondřej Surý
  vedoucí výzkumu/Head of R&D department
  -------------------------------------------
  CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
  Americka 23, 120 00 Praha 2, Czech Republic
  mailto:ondrej.sury@nic.cz    http://nic.cz/
  tel:+420.222745110       fax:+420.222745112
  -------------------------------------------