Rob Stradling <r...@sectigo.com> wrote:
>> 2. An attack where CA B (mistakenly) issues a certificate for corp.example,
>> when it should have been CA A is called... ???
>> I know it as Comodo-Gate.

> (Your question almost identified an answer 😉 )

Almost, but not quite.

> CAA (RFC6844, obsoleted by RFC8659), which was one good thing that came
> out of the Comodo-gate incident, helps to defend against exactly this
> sort of attack. (From the Abstract: "CAA Resource Records allow a
> public CA to implement additional controls to reduce the risk of
> unintended certificate mis-issue").

Yes, so it defends against an attack that is never actually named.
At best, I guess this is a "mis-issue attack"

Thank you for the pointer though.

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
Uta mailing list -- uta@ietf.org