> On 6/30/16 8:30 AM, Rob Stradling wrote:
> > https://www.computest.nl/blog/startencrypt-considered-harmful-today/
> >
> > Eddy, is this report correct? Are you planning to post a public
> > incident report?
>
> Does StartCom honor CAA?
>
> Does StartCom publish to CT logs?
>
> How many mis-issued certs were obtained by the researchers? Has there
> been an investigation to see if there were similarly mis-issued certs
> prior to this report?
>
> Have those certs been revoked?
>
> -Dan Veditz

The certificates we had issued to us as proof of concept (only for our own domains) were not revoked and we don't see them in the CT logs. However, we informed StartCom that we had only issued certificates for domains under our control, so I can imagine no red flags were raised by their helpdesk.

Kind regards,

Christiaan Ottow
CTO Security
Computest • Pine Digital Security
M: +31 (0) 6 51997213 • T: +31 (0) 88 7331337
E: [email protected] • I: www.computest.nl
A: Signaalrood 25 • 2718 SH Zoetermeer
P: https://www.pine.nl/4eo3UYWmU.asc
Pine Digital Security is part of Computest

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

