Hi Hanno.  The questions that you and others have posted are entirely
reasonable.  Sorry for the delay.  Robin intends to post a reply this week.

On 15/10/16 16:56, Hanno Böck wrote:
> Hello,
> I think I have asked two reasonable questions here.
> Can we get an answer?
> On Tue, 4 Oct 2016 14:33:38 +0200
> Hanno Böck <ha...@hboeck.de> wrote:
>> There seem to be more certificates of that kind that weren't mentioned
>> in the incident report. Here's a .re / www.re certificate (expired
>> 2015):
>> https://crt.sh/?id=4467456
>> Has comodo checked its systems for other certificates of that kind?
>> Can you provide a full list of all such certificates?
>> Also my understanding is that the error here was that control over the
>> www.[domain] subdomain would indicate control over [domain]. Does that
>> mean that this bug could've been used to also get wildcard
>> certificates in the form of *.[tld]?

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
dev-security-policy mailing list

Reply via email to