Yo James!

On Mon, 4 Mar 2019 15:38:00 -0800
James Browning via devel <devel@ntpsec.org> wrote:

> On Mon, Mar 4, 2019, 1:48 PM Gary E. Miller via devel
> <devel@ntpsec.org> wrote:
>
> > Yo Matthew!
> >
> > On Mon, 4 Mar 2019 21:35:14 +0000
> > Matthew Selsky <matthew.sel...@twosigma.com> wrote:
> >
> > > On Mon, Mar 04, 2019 at 12:11:07PM -0800, Gary E. Miller via devel
> > > wrote:
> > >
> > > > Given the Comodo mess of last week I expect a lot more people
> > > > will want to do pinning next month.
> > >
> > > Do you have a reference for this mess?
> >
> > Very long NANOG thread:
> >
> > https://mailman.nanog.org/pipermail/nanog/2019-February/099719.html
>
> TLDR there was an EPP takeover by crackers unknown. Let's Encrypt and
> Comodo apparently were fooled into signing bad TLS cert and while
> Let's Encrypt is trying to do better Comodo was apparently like meh,
> what ever. Spawn ridiculously long thread, DANE. SPF whatever.

To me, the take home is that LE was not tricked into signing bad certs
if the victim had DNSSEC deployed. Comodo got tricked even when DNSSEC
was on.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin