<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Thanks for the clarification, Phillip.<div><br></div><div>m</div><div><br><div><div>On Mar 24, 2011, at 10:06 AM, Phillip Hallam-Baker wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">No login servers were affected.<div><br></div><div>Several domains on which the servers are deployed were affected but not the login servers.</div><div><br></div><div><br><br><div class="gmail_quote">On Thu, Mar 24, 2011 at 12:48 PM, Mike Hanson <span dir="ltr">&lt;<a href="mailto:mhanson@mozilla.com">mhanson@mozilla.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Comodo has posted a detailed incident report here:<br>
<a href="http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html" target="_blank">http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html</a><br>
<br>
Several login servers were affected.<br>
<br>
-MH<br>
<div><div></div><div class="h5"><br>
<br>
On Mar 24, 2011, at 7:09 AM, John Bradley wrote:<br>
<br>
&gt;<br>
&gt;<br>
&gt; <a href="http://threatpost.com/en_us/blogs/phony-ssl-certificates-issued-google-yahoo-skype-others-032311?utm_source=Threatpost&amp;utm_medium=Tabs&amp;utm_campaign=Today%27s+Most+Popular" target="_blank">http://threatpost.com/en_us/blogs/phony-ssl-certificates-issued-google-yahoo-skype-others-032311?utm_source=Threatpost&amp;utm_medium=Tabs&amp;utm_campaign=Today%27s+Most+Popular</a><br>

&gt;<br>
&gt; The browser vendors blocking those certificates is nice, however there are attacks on RP that could be done with those certificates that are still open.<br>
&gt;<br>
&gt; In testing something like 0% of RP check OCSP or CRL, the libs don't force OpenSSL to do those checks (I think DNOA will do them in FICAM mode)<br>
&gt;<br>
&gt; So perhaps encouraging people to perform those checks would be a good idea.<br>
&gt;<br>
&gt; We can only hope that none of the 9 certificates cover openID OP, otherwise user accounts at RP could theoretically be compromised.<br>
&gt;<br>
&gt; John B.<br>
&gt;<br>
&gt;<br>
</div></div>&gt; _______________________________________________<br>
&gt; security mailing list<br>
&gt; <a href="mailto:security@lists.openid.net">security@lists.openid.net</a><br>
&gt; <a href="http://lists.openid.net/mailman/listinfo/openid-security" target="_blank">http://lists.openid.net/mailman/listinfo/openid-security</a><br>
<br>
</blockquote></div><br><br clear="all"><br>-- <br>Website: <a href="http://hallambaker.com/">http://hallambaker.com/</a><br><br>
</div>
</blockquote></div><br></div></body></html>