
[liberationtech] How to protect users from compelled fake ssl certs?

coderman coderman at
Wed Jul 3 11:41:20 PDT 2013

On Tue, Jul 2, 2013 at 10:01 AM, Ralph Holz <holz at> wrote:
>> DANE:
>> CAA:
>> ....
> I wonder whether that would have protected against the Comodo Hacker. It
> seems it depends when and from where the CAA checks are run.

it would not. Comodo Hacker used the HSM programmatic interfaces
directly to issue certificates, thus bypassing any checks CAA would

> ...
> It's another reason I like DANE and CT better.

fortunately you don't have to pick one; use both ;)
