Re: SSL private key for *.alipcsec.com embedded in PC client executables

2018-12-10 Thread Mark Steward via dev-security-policy
This time it's just hanging around in memory, no need to do anything about the anti-debug.
$ openssl x509 -noout -modulus -in 300288180.crt|md5sum
f423a009387fb7a306673b517ed4f163 -
$ openssl rsa -noout -modulus -in alibaba-localhost.key.pem|md5sum
f423a009387fb7a306673b517ed4f163 -
You can ver

Re: SSL private key for *.alipcsec.com embedded in PC client executables

2018-12-10 Thread Matt Palmer via dev-security-policy
On Tue, Dec 11, 2018 at 05:37:41AM +, Xiaoyin Liu via dev-security-policy wrote:
> It’s clear that the private key for *.alipcsec.com is embedded in the
> executable,
There are ways of implementing SSL such that the private key doesn't *have* to be stored locally. They all require the TLS te

Re: CA Communication: Underscores in dNSNames

2018-12-10 Thread Ryan Sleevi via dev-security-policy
On Mon, Dec 10, 2018 at 6:16 AM Buschart, Rufus via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> Hello!
>
> It would be helpful, if the CA/B or Mozilla could publish a document on
> its web pages to which we can redirect our customers, if they have
> technical questions ab

Re: Incident report Certum CA: Corrupted certificates

2018-12-10 Thread Wojciech Trapczyński via dev-security-policy
On 05.12.2018 21:26, Ryan Sleevi wrote: On Wed, Dec 5, 2018 at 7:53 AM Wojciech Trapczyński wrote: Ryan, thank you for your comment. The answers to your questions below: Again, thank you for filing a good post-mortem. I want to call out a number of positive things here rather explicitly, so

AW: CA Communication: Underscores in dNSNames

2018-12-10 Thread Buschart, Rufus via dev-security-policy
Hello! It would be helpful, if the CA/B or Mozilla could publish a document on its web pages to which we can redirect our customers, if they have technical questions about this underscore issue. Right now, I can only tell them, that they are forbidden because the ballot to explicitly allow them