Off topic: Comodo

Gary E. Miller gem at rellim.com
Tue Mar 5 00:15:04 UTC 2019


Yo James!

On Mon, 4 Mar 2019 15:38:00 -0800
James Browning via devel <devel at ntpsec.org> wrote:

> On Mon, Mar 4, 2019, 1:48 PM Gary E. Miller via devel
> <devel at ntpsec.org> wrote:
> 
> > Yo Matthew!
> >
> > On Mon, 4 Mar 2019 21:35:14 +0000
> > Matthew Selsky <Matthew.Selsky at twosigma.com> wrote:
> >  
> > > On Mon, Mar 04, 2019 at 12:11:07PM -0800, Gary E. Miller via devel
> > > wrote:
> > >  
> > > > Given the Comodo mess of last week I expect a lot more people
> > > > will want to do pinning next month.  
> > >
> > > Do you have a reference for this mess?  
> >
> >
> > Very long NANOG thread:
> >
> > https://mailman.nanog.org/pipermail/nanog/2019-February/099719.html  
> 
> 
> TLDR there was an EPP takeover by crackers unknown. Let's Encrypt and
> Comodo apparently were fooled into signing bad TLS cert and while
> Let's Encrypt is trying to do better, Comodo was apparently like meh,
> whatever. Spawn ridiculously long thread, DANE. SPF whatever.

To me, the take home is that LE was not tricked into signing bad
certs if the victim had DNSSEC deployed.  Comodo got tricked even
when DNSSEC was on.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin