Hi Hanno. The questions that you and others have posted are entirely reasonable. Sorry for the delay. Robin intends to post a reply this week.
On 15/10/16 16:56, Hanno Böck wrote: > Hello, > > I think I have asked two reasonable questions here. > Can we get an answer? > > On Tue, 4 Oct 2016 14:33:38 +0200 > Hanno Böck <ha...@hboeck.de> wrote: > >> There seem to be more certificates of that kind that weren't mentioned >> in the incident report. Here's a .re / www.re certificate (expired >> 2015): >> https://crt.sh/?id=4467456 >> >> Has comodo checked its systems for other certificates of that kind? >> Can you provide a full list of all such certificates? >> >> >> Also my understanding is that the error here was that control over the >> www.[domain] subdomain would indicate control over [domain]. Does that >> mean that this bug could've been used to also get wildcard >> certificates in the form of *.[tld]? -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy