[liberationtech] How to protect users from compelled fake ssl certs?
coderman
coderman at gmail.com
Wed Jul 3 12:11:02 PDT 2013
On Wed, Jul 3, 2013 at 11:55 AM, Steve Weis <steveweis at gmail.com> wrote:
> Hi. I was interested in your comment that the Comodo hacker used the
> HSM programmatic interfaces. Do you have a source of that which you
> can share? I'm not finding a good post-mortem that mentions that fact.
the gory details at http://pastebin.com/u/ComodoHacker
tl;dr:
- Comodo - HTTPS API level access from extracted reseller credentials.
CAA might be useful here.
- DigiNotar - HSM XUDA interface used directly. CAA not applicable.
- StartCOM - netHSM interface used directly. CAA not applicable.