Looks like it does NOT affect certificate issuance directly, though.
Kind regards,
Jan
--
Please avoid sending mails, use the group instead.
If you really need to send me an e-mail, mention "FROM NG"
in the subject line, otherwise my spam filter will delete your mail.
Sorry for the inconvenience, thank the spammers...
>seems another Comodo reseller has not taken security too seriously:
>http://pastebin.com/F5nUf5kr and http://pastebin.com/9qwdL1pA
>
>Looks like it does NOT affect certificate issuance directly, though.
Could this have been exploited in any way to obtain certs, or is it just an
egg-on-face thing?
Peter.
Initially it seems the later - but probably at this stage it might be
possible to change the content in the DB, triggering the issuance of a
certificate for a different subject than actually validated.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: star...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg