[liberationtech] How to protect users from compelled fake ssl certs?

coderman coderman at
Wed Jul 3 12:11:02 PDT 2013

On Wed, Jul 3, 2013 at 11:55 AM, Steve Weis <steveweis at> wrote:
> Hi. I was interested in your comment that the Comodo hacker used the
> HSM programmatic interfaces. Do you have a source of that which you
> can share? I'm not finding a good post-mortem that mentions that fact.

the gory details at

- Comodo - HTTPS API level access from extracted reseller credentials.
CAA might be useful here.
- DigiNotar - HSM XUDA interface used directly. CAA not applicable.
- StartCOM - netHSM interface used directly. CAA not applicable.
