I notice that on https://crt.sh/mozilla-onecrl there are lots of certificates that have recently been added to OneCRL from the .tg TLD (Togo), including ones for high-profile domains such as google.tg. The issuances occurred 3 days ago, on 1st November.
I don't see a thread already for this here, or on https://letsencrypt.org/blog/ so I thought I would start one. >From the check-in comment "registry problems", I assume that this is a problem >with the TLD rather than with Let's Encrypt. As OneCRL and CRLSets are public this information is being noticed. There is likely a large overlap between the people that read this group and the people that monitor those lists. That said, be mindful of posting any specific technical vulnerabilities or exploits which may not yet be patched. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
