I think I have asked two reasonable questions here.
Can we get an answer?

On Tue, 4 Oct 2016 14:33:38 +0200
Hanno Böck <ha...@hboeck.de> wrote:

> There seem to be more certificates of that kind that weren't mentioned
> in the incident report. Here's a .re / www.re certificate (expired
> 2015):
> https://crt.sh/?id=4467456
> Has comodo checked its systems for other certificates of that kind?
> Can you provide a full list of all such certificates?
> Also my understanding is that the error here was that control over the
> www.[domain] subdomain would indicate control over [domain]. Does that
> mean that this bug could've been used to also get wildcard
> certificates in the form of *.[tld]?

Hanno Böck

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Attachment: pgpEhCBg0LpHm.pgp
Description: OpenPGP digital signature

dev-security-policy mailing list

Reply via email to