ooon24.ir/)?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/310999
Title:
comodo seen issuing certificates unwisely
To manage notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug
certificates unwisely
To manage notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
seen issuing certificates unwisely
To manage notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/310999
Title:
comodo seen issuing certificates unwisely
To manage notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
bug go to:
https://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/310999
Title:
comodo seen issuing certificates unwisely
To manage notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
ubuntu-bugs mailing list
://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Title:
comodo seen issuing certificates unwisely
To manage notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
To manage notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
this bug go to:
https://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
:
comodo seen issuing certificates unwisely
To manage notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Alden
Comodo
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/310999
Title:
comodo seen issuing certificates unwisely
To manage notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug
is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/310999
Title:
comodo seen issuing certificates unwisely
To manage notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com
notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
issuing certificates unwisely
To manage notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug/310999/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Hey Doktor - the operation was successful - the patient died? This is
actually not what we want. Don't kill the patient, root out the source
of the problem. Or yank the root. Or whatever...
As such why is bug 642395 restricted?
--
You received this bug notification because you are a member of
(In reply to comment #84)
Hey Doktor - the operation was successful - the patient died? This is
actually
not what we want. Don't kill the patient, root out the source of the problem.
Or yank the root.
Understandable, given that issuing certs is one of your company's
businesses. :-)
(In reply to comment #85)
Understandable, given that issuing certs is one of your company's businesses.
:-) However, I have to go with The H Security:
The opinion of an editor isn't a decision factor I guess.
Security by obscurity? :P Someone should unlock it promptly, gets
ridiculous.
Gets even better - addons.mozilla.org was not enough, Comodo has been
also creating trust online by issuing fraudulent certificate for
login.live.com (Windows Live ID):
Microsoft Releases Security Advisory 2524375:
Wow, and login.skype.com, login.yahoo.com, www.google.com and
mail.google.com - just excellent. OK, it's official - Comodo is now 4.5
times more lame than Verisign. :-P Their verification process must
completely rock, must be just another glitch in our validation system
- (C) Patricia, Certstar
(In reply to comment #79)
The relevant Mozilla bug to that incident is bug 642395.
It's time to open it up... those 9 certs are now publicly available, so
I see no reason to keep that bug private any longer.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
(In reply to comment #89)
those 9 certs are now publicly available, so I see
no reason to keep that bug private any longer.
No, I think the 9 certs are NOT publicly available.
In fact, the attacker might not have received the certs, according to Comodo's
blog.
So, for the time being, it
(In reply to comment #90)
No, I think the 9 certs are NOT publicly available.
They are. I don't think it's necessary to attach them here, but believe
me, they are publicly available.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Created attachment 521253
Comodo fraudulent certificates
Since proof is in the pudding - the above is being shipped via Windows
Update/WSUS at the moment.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
(In reply to comment #68)
We do still have a subset of our sales partners who are able to act as RAs,
but
since this debacle over CertStar we have retrofitted our own DV process into
the RA's ordering process in the vast majority of cases.
By 'our own DV process', I mean that Comodo performs
Robin, so the official stance from Comodo and its CEO - at least per bug
642395 Comment 73 - is that Iranian government should be blamed for this
blunder? Well, in that case my last hopes that there still some tiny bit
of common sense left behind Comodo's operation just ended in smoke.
Meanwhile,
I reiterate my objection to Mozilla allowing the included certification
authorities to outsource to third-party registration authorities.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/310999
Title:
Guys, lets take discussions to mozilla-dev-security-
pol...@lists.mozilla.org not here on the bug.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/310999
Title:
comodo seen issuing certificates
So, how much is too much?
https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/
snip
This issue was reported to us by the *Comodo Group, Inc.*, the certificate
The relevant Mozilla bug to that incident is bug 642395.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/310999
Title:
comodo seen issuing certificates unwisely
--
ubuntu-bugs mailing list
(In reply to comment #79)
The relevant Mozilla bug to that incident is bug 642395.
Thanks for the pointer, but that bug is:
1/ Restricted (why still restricted, I have no idea, it's leaked all over the
web)
2/ Marked as RESOLVED FIXED.
While that particular *incident* might have been fixed,
While I agree with your sentiment (and don't particularly like the way
this was handled – if the issuance issue was fixed then what's with the
secrecy?), I think the underlying problem is going to require a more
drastic solution than playing whack-a-mole with CAs. The TOR blog post
references a
I stand by my comment 72. A CA must not be allowed to outsource central
functions of the CA, including key signing, verification and server
administration. All entities who can, technically or organizationally,
perform these functions, must be included in the audits, being checked
physically. We
(In reply to comment #81)
in the mean time we face a tradeoff between greater availability (and
therefore
deeper penetration) of SSL and dodgy certs... I'm not sure what the best
solution is (and am perhaps more concerned about government interference with
CAs than technical issues).
While
I am seeing the This connection is untrusted warnings in Firefox
3.6.12 on Ubuntu 10.10 for sites with certificates from Comodo. The same
sites work fine in Firefox 3.6.x on Windows XP. Sites include:
https://contractor.lexisnexis.com/CS/welcome.do?justanswer
** Changed in: nss
Importance: Unknown = High
--
comodo seen issuing certificates unwisely
https://bugs.launchpad.net/bugs/310999
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Changed in: nss
Status: Confirmed = In Progress
--
comodo seen issuing certificates unwisely
https://bugs.launchpad.net/bugs/310999
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Alexander confirms that no action is required from our side any more.
** Changed in: nss (Ubuntu Jaunty)
Status: Triaged = Won't Fix
** Changed in: nss (Ubuntu Intrepid)
Status: Triaged = Won't Fix
** Changed in: nss (Ubuntu Hardy)
Status: Triaged = Won't Fix
** Changed
** Changed in: nss (Ubuntu Jaunty)
Assignee: (unassigned) = Alexander Sack (asac)
** Changed in: ca-certificates (Ubuntu Jaunty)
Assignee: (unassigned) = Alexander Sack (asac)
--
comodo seen issuing certificates unwisely
https://bugs.launchpad.net/bugs/310999
You received this bug
Information on mozilla mailing lists indicates that Comodo has followed
up on the improperly issued certificates, and that revocations of the
affected certificates have been published in a crl: http://www.mail-
archive.com/dev-tech-cry...@lists.mozilla.org/msg05818.html
So I don't see that
On Fri, Jan 16, 2009 at 01:54:17AM -, Steve Langasek wrote:
Still in a holding pattern here, not blocking alpha-3 on this. Do we
think we can get a resolution for alpha-4?
** Changed in: ca-certificates (Ubuntu Jaunty)
Target: jaunty-alpha-3 = jaunty-alpha-4
Upstream still
Still in a holding pattern here, not blocking alpha-3 on this. Do we
think we can get a resolution for alpha-4?
** Changed in: ca-certificates (Ubuntu Jaunty)
Target: jaunty-alpha-3 = jaunty-alpha-4
--
comodo seen issuing certificates unwisely
https://bugs.launchpad.net/bugs/310999
You
Regarding ca-certificates, while this problem is unfortunate, it is
clear that simply removing the cert is not the answer because thousands
of perfectly valid certificates would be marked invalid. If a subset of
Comodo is to be invalidated, we need to consider Mozilla's rationale and
On Tue, Jan 06, 2009 at 01:58:37PM -, Jamie Strandboge wrote:
Regarding ca-certificates, while this problem is unfortunate, it is
clear that simply removing the cert is not the answer because thousands
of perfectly valid certificates would be marked invalid. If a subset of
Comodo is to be
i will defer decision for the ca-certificates package to the ubuntu
security team. If they make a decision i will also communicate their
rational to NSS upstream.
** Changed in: ca-certificates (Ubuntu)
Importance: Undecided = High
Status: New = Triaged
--
comodo seen issuing
blocking next alpha so we get a decision soon.
** Changed in: ca-certificates (Ubuntu Jaunty)
Target: None = jaunty-alpha-4
** Changed in: ca-certificates (Ubuntu Jaunty)
Target: jaunty-alpha-4 = jaunty-alpha-3
--
comodo seen issuing certificates unwisely
we should decide on the blocking status for stable ubuntu releases, once
we decided what to do for jaunty.
** Changed in: ca-certificates (Ubuntu Dapper)
Importance: Undecided = High
Status: New = Triaged
** Changed in: ca-certificates (Ubuntu Gutsy)
Importance: Undecided = High
i will follow upstream decision on nss package.
** Changed in: nss (Ubuntu)
Importance: Undecided = High
Status: New = Triaged
--
comodo seen issuing certificates unwisely
https://bugs.launchpad.net/bugs/310999
You received this bug notification because you are a member of Ubuntu
On Fri, Jan 02, 2009 at 02:32:54PM -, Gabriel de Perthuis wrote:
DIY way to quit trusting these certificates:
sudo sed -ri '/comodo|utn|addtrust/Is/^!*/!/' /etc/ca-certificates.conf;
sudo update-ca-certificates
nss doesnt use the ca-certificates package, but uses its own cert
store ...
DIY way to quit trusting these certificates:
sudo sed -ri '/comodo|utn|addtrust/Is/^!*/!/' /etc/ca-certificates.conf;
sudo update-ca-certificates
--
comodo seen issuing certificates unwisely
https://bugs.launchpad.net/bugs/310999
You received this bug notification because you are a member of
Ubuntu has the opportunity to exercise some editorial judgment here by
removing the cert regardless of the Mozilla project's decision. This
cert authority has clearly breached their duty to users to issue certs
only to verified parties. Since these certs are installed system-wide,
and are used
Well, I would like to defer to Mozilla's judgement here, as it comes
from their truststore. On the other hand we do not have the
possibility, to my knowledge, to add an intermediate CA to the package
with some negative trust value. So we would need to prune Comodo
completely.
As stated CertStar
** Changed in: nss
Status: Unknown = Confirmed
--
comodo seen issuing certificates unwisely
https://bugs.launchpad.net/bugs/310999
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
*** This bug is a security vulnerability ***
Public security bug reported:
http://blog.startcom.org/?p=145
Comodo, or one of its resellers, has been observed selling certificates
without serious domain control checks or other verification. There
should be some consideration for removing the
http://it.slashdot.org/article.pl?sid=08/12/23/0046258
Has some discussion on this topic.
--
comodo seen issuing CAs unwisely
https://bugs.launchpad.net/bugs/310999
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
Even more:
http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/9c0cc829204487bf?pli=1
--
comodo seen issuing CAs unwisely
https://bugs.launchpad.net/bugs/310999
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
** Summary changed:
- comodo seen issuing CAs unwisely
+ comodo seen issuing certificates unwisely
--
comodo seen issuing certificates unwisely
https://bugs.launchpad.net/bugs/310999
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
59 matches
Mail list logo
