https://crt.sh is down. Maybe someone can check with comodo to see whether they got DDOSed?
Here are the Google CT for the possibly mis-issued certs mentioned in this thread. It would be a lot harder to take down the Google CT. Possible fake cert for Github https://www.google.com/transparencyreport/https/ct/#domain=github.io&incl_exp=false&incl_sub=false&issuer=lPrsb9Gbn4s%3D Possible fake cert for Alibaba, the largest commercial site in China https://www.google.com/transparencyreport/https/ct/#domain=alicdn.com&incl_exp=false&incl_sub=false&issuer=lPrsb9Gbn4s%3D Possible fake cert for Microsoft https://www.google.com/transparencyreport/https/ct/#domain=cloudapp.net&incl_exp=false&incl_sub=false&issuer=lPrsb9Gbn4s%3D _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
