On 18/12/2018 16:41, Ryan Sleevi wrote:
> On Tue, Dec 18, 2018 at 7:41 AM Rob Stradling wrote:
> On 14/12/2018 21:06, Wayne Thayer via dev-security-policy wrote:
>
> > I think it's worth calling out that Let's Encrypt has implemented
> what
> > appears to be a relatively simp
On Tue, Dec 18, 2018 at 1:53 PM Tim Hollebeek
wrote:
> The problem is that the attackers get to choose the CA they use, so
> multi-perspective validation doesn't provide any benefits unless everyone
> has to do it.
>
> I brought it up several times at the validation working group and as a
> discu
can.st; mozilla-dev-security-
> policy
> Subject: Re: DNS fragmentation attack subverts DV, 5 public CAs vulnerable
>
> On 14/12/2018 21:06, Wayne Thayer via dev-security-policy wrote:
>
> > I think it's worth calling out that Let's Encrypt has implemented what
>
On Tue, Dec 18, 2018 at 7:41 AM Rob Stradling wrote:
> On 14/12/2018 21:06, Wayne Thayer via dev-security-policy wrote:
>
> > I think it's worth calling out that Let's Encrypt has implemented what
> > appears to be a relatively simple mitigation:
> >
> https://community.letsencrypt.org/t/edns-bu
On 14/12/2018 21:06, Wayne Thayer via dev-security-policy wrote:
> I think it's worth calling out that Let's Encrypt has implemented what
> appears to be a relatively simple mitigation:
> https://community.letsencrypt.org/t/edns-buffer-size-changing-to-512-bytes/77945
Sectigo implemented this sam
On Tue, Dec 11, 2018 at 10:27 AM Hector Martin 'marcan' via
dev-security-policy wrote:
> On 12/12/2018 01.47, Ryan Sleevi via dev-security-policy wrote:
> > Is this new from the past discussion?
>
> I think what's new is someone actually tried this, and found 5 CAs that
> are vulnerable and for w
On Tuesday, December 11, 2018 at 11:27:52 AM UTC-6, Hector Martin 'marcan'
wrote:
> On 12/12/2018 01.47, Ryan Sleevi via dev-security-policy wrote:
> > Is this new from the past discussion?
>
> I think what's new is someone actually tried this, and found 5 CAs that
> are vulnerable and for which
On 12/12/2018 01.47, Ryan Sleevi via dev-security-policy wrote:
> Is this new from the past discussion?
I think what's new is someone actually tried this, and found 5 CAs that
are vulnerable and for which this attack works in practice.
> https://groups.google.com/d/msg/mozilla.dev.security.policy
On Tue, Dec 11, 2018 at 11:34 AM Hector Martin via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I figured this presentation might be of interest to this list:
>
>
> https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf
>
> It seems they foun
I figured this presentation might be of interest to this list:
https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf
It seems they found 5 (unspecified) public CAs out of 17 tested were
vulnerable to this attack, which can be performed by an off-path attacker.
The