* Jürgen Brauckmann:

> Cloudflare set up a challenge with nginx on Ubuntu. Seems some
> people succeeded in extracting the server's private key:
>
> https://www.cloudflarechallenge.com/heartbleed

FWIW, I've asked Comodo to revoke the Cloudflare certificate due to this compromise. The challenge itself is probably against the subscriber agreement, but that is an internal matter between Cloudflare and Comodo.

On the other hand, I do think that a rule that requires CAs to revoke keys against the subscriber's will can be problematic. But nevertheless, it's a rule, and we'll see if all those costly audits are good at ensuring that CAs follow it.

