Has anyone started looking into CA issuances -- or even more importantly -- CA domain validations performed successfully and yet without issuing a certificate (say, wanting to cache the validation) for the brief periods in which much of the internet saw alternative target destinations for a great deal of high value organization IP space?
For those CAs with workflows which allow for expressly requesting a domain validation but not necessarily requiring that it be immediately utilized (say, for example LetsEncrypt or another CA running ACME protocol or similar) it might be of interest to review the validations performed successfully during those time windows. Additionally, it may be of value for various CAs to check their issuances upon domain validation for those periods. You can find the time periods and details about some of the IP space hijacked at bgpmon.net _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
