We had a conversation with the tg registry, and it looks like the TLD was compromised until Nov 10. Here's a snippet:
TG Registry (FR): Nous sommes C.A.F.E Informatique & Télécommunications, gestionnaire technique du .tg. Nous répondons à vos requêtes avec l'accord de l'ART&P, le gestionnaire administratif du .tg. TG Registry (EN): Were C.A.F.E Informatique & Télécommunications, technical manager of the .tg registry. We respond to your request in agreement with the Administrative Managers of ART&P. CAS (FR): On a ete informes quil y a quelque jours le bureau denregistrement pour lextension .tg a eu des problemes de securite. CAS (EN): Weve recently been informed that the .tg Registry experienced some security problems. TG Registry (FR): En effet, notre plateforme de gestion de noms de domaine a subi des attaques. Certaines attaques ont eu pour conséquence d'altérer les informations des noms de domaines appartenant à certains de nos clients. TG Registry (EN): In effect, our management platform for domain names suffered an attack. Some attacks did result in the alteration of domain name ownership records for some of our clients. CAS (FR): On a besoin de savoir exactement la nature de la probleme que vous avez eu. Aussi on a besoin de savoir quand le probleme a commence et quand a ete finalisee. CAS (EN): What was the exact nature of the problem? Also, we need to know when the problem started and when it was resolved? TG Registry (FR) : Nous avons eu une altération des informations des noms de domaines. Le problème a commencé le 01/11/2017. Il a été réglé et confirmé comme tel le 10/11/2017. TG Registry (EN): Alteration of domain name information were made. The problem started on 1 Nov 2017. We confirmed the problem was resolved 10 Nov 2017. Hope this helps! Jeremy -----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla .org] On Behalf Of Kathleen Wilson via dev-security-policy Sent: Tuesday, November 14, 2017 9:31 AM To: [email protected] Subject: Re: .tg Certificates Issued by Let's Encrypt On 11/14/17 4:34 AM, [email protected] wrote: > > Do we believe that this issue has been resolved by the Registry and issuance an resume as normal, or are there ongoing concerns which CAs should be aware of when issuing certificates to .tg domains? > Based on information from folks that are monitoring their NS Records, we believe that the .tg Registry problems were fixed on November 1, and have remained fixed since then. I have not looked into how Registries are operated and maintained, so here is my personal (uneducated) opinion: I think it is possible that the .tg Registry could be compromised again. I have no idea if all of the newer Registries are using good network and security protocols, infrastructure, etc. I think that we will need to have much deeper investigation and discussions about Registries, so I have added this to my to-do list, but I will not be able to get to it until January. Thanks, Kathleen _______________________________________________ dev-security-policy mailing list [email protected] https://clicktime.symantec.com/a/1/mcEC05Cw_1xqHZAtMNn7EcnEg4nah8YZRDPpmi4jv 98=?d=CVUyKj1esC0iPxphVfmlXKmHgqqoVMlZEs52KqNWd2oT-ZKsOrQyh75JHM8fUOmXQvSVYN Axaf_uL_qw2veBL1uD_NBnuxrVL03BMwmJ5WqSeO1Qyb3EGvXK-WOqcGI5ZqPNUefR37XwxjDImn gIZ6V-qfcc_hbPRc-1pi89HlCsBAj1fejLAHOId10a-l17fqyWDPPMHNPRUc9gd9k8ulOD9XWv3W 9NzgK45lFwYcWcV9V-hzOhaCpA4j1AHVYrZ3FGrLGHNNhmK4lv4eGuAOzmuGJ19qaFW4rZ_bf-7A qX7ZLNl5RPblcUQbUJl9jM1pEVgOedqPMkHQTaZfa4YXFkfDfo3Dk8pDlp12_sATizciDKRpPVvY c7r7_v9B0elPw5r9mqGmYsl7kBhrLgHRBp0xZ3Qwwjoq26GhtpLHE4961NVld1nmZlPAtJ1_svO- BrEmyoWAd-&u=https%3A%2F%2Flists.mozilla.org%2Flistinfo%2Fdev-security-polic y
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
