[liberationtech] How to protect users from compelled fake ssl certs?

coderman coderman at gmail.com
Wed Jul 3 12:11:02 PDT 2013


On Wed, Jul 3, 2013 at 11:55 AM, Steve Weis <steveweis at gmail.com> wrote:
> Hi. I was interested in your comment that the Comodo hacker used the
> HSM programmatic interfaces. Do you have a source of that which you
> can share? I'm not finding a good post-mortem that mentions that fact.


the gory details at http://pastebin.com/u/ComodoHacker

tl;dr:
- Comodo - HTTPS API level access from extracted reseller credentials.
CAA might be useful here.
- DigiNotar - HSM XUDA interface used directly. CAA not applicable.
- StartCOM - netHSM interface used directly. CAA not applicable.


