comodo seen issuing certificates unwisely
Bug #310999 reported by Scott Dier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
NSS | Fix Released | High | |
ca-certificates (Ubuntu) | Invalid | High | Alexander Sack |
Dapper | Invalid | High | Unassigned |
Gutsy | Invalid | High | Unassigned |
Hardy | Invalid | High | Unassigned |
Intrepid | Invalid | High | Unassigned |
Jaunty | Invalid | High | Alexander Sack |
nss (Ubuntu) | Won't Fix | High | Alexander Sack |
Dapper | Won't Fix | High | Unassigned |
Gutsy | Won't Fix | High | Unassigned |
Hardy | Won't Fix | High | Unassigned |
Intrepid | Won't Fix | High | Unassigned |
Jaunty | Won't Fix | High | Unassigned |
Bug Description
http://
Comodo, or one of its resellers, has been observed selling certificates without serious domain control checks or other verification. There should be some consideration for removing the impacted CA certificate from ca-certificates and other related packages in the near future, considering the possibility of other fake certificates.
I wish the site above had more details, but obviously a 'how to get your own cert like this' is just asking for trouble.
Changed in nss:
status: Unknown → Confirmed
Changed in nss:
importance: Undecided → High
status: New → Triaged
Changed in ca-certificates:
importance: Undecided → High
status: New → Triaged
milestone: none → jaunty-alpha-4
milestone: jaunty-alpha-4 → jaunty-alpha-3
importance: Undecided → High
status: New → Triaged
importance: Undecided → High
status: New → Triaged
importance: Undecided → High
status: New → Triaged
importance: Undecided → High
status: New → Triaged
Changed in nss:
importance: Undecided → High
status: New → Triaged
importance: Undecided → High
status: New → Triaged
importance: Undecided → High
status: New → Triaged
importance: Undecided → High
status: New → Triaged
Changed in ca-certificates:
milestone: jaunty-alpha-3 → jaunty-alpha-4
Changed in ca-certificates:
milestone: jaunty-alpha-4 → none
status: Triaged → Invalid
status: Triaged → Invalid
status: Triaged → Invalid
status: Triaged → Invalid
status: Triaged → Invalid
Changed in nss:
assignee: nobody → asac
Changed in ca-certificates:
assignee: nobody → asac
Changed in nss (Ubuntu Jaunty):
status: Triaged → Won't Fix
Changed in nss (Ubuntu Intrepid):
status: Triaged → Won't Fix
Changed in nss (Ubuntu Hardy):
status: Triaged → Won't Fix
Changed in nss (Ubuntu Gutsy):
status: Triaged → Won't Fix
Changed in nss (Ubuntu Dapper):
status: Triaged → Won't Fix
Changed in nss (Ubuntu):
status: Triaged → Won't Fix
Changed in nss (Ubuntu Jaunty):
assignee: asac → nobody
Changed in nss:
status: Confirmed → In Progress
Changed in nss:
importance: Unknown → High
Changed in nss:
status: In Progress → Fix Released
The same company that Eddy was able to get the mozilla.com cert from (Certstar) has been endlessly spamming <email address hidden> since the beginning of December complaining that one of our SSL certs had "expired" and needed to be "renewed" (both of which were false). They have continued to spam us almost daily. :(