nanog mailing list archives
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
From: Heinrich Strauss <heinrich () hstrauss co za>
Date: Sat, 10 Sep 2011 10:47:02 +0200
On 2011/09/10 05:06, Michael DeMan wrote:
Given a private network and the need to monitor it in a private company[1], we generated a certificate like this for internal use signed by a company-internal trusted certificate authority.Sorry for being ignorant here - I have not even been aware that it is possible to buy a '*.*.com' domain at all. I though wildcards were limited to having a domain off a TLD - like '*.mydomain.tld'.
Also, given the Subject Alternative Name extension, it is quite possible to generate a "godmode" certificate for gracefully redirecting proxied HTTPS requests to an "Access Denied" page or even nefarious-purpose-logging machine.
-H. [1] http://en.wikipedia.org/wiki/Lawful_interception
Current thread:
- Microsoft deems all DigiNotar certificates untrustworthy, releases updates Network IP Dog (Sep 07)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Alexander Harrowell (Sep 07)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Marcus Reid (Sep 09)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Paul (Sep 09)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Michael DeMan (Sep 09)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Dan White (Sep 09)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Heinrich Strauss (Sep 10)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Jimmy Hess (Sep 10)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Paul (Sep 09)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Jimmy Hess (Sep 09)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Damian Menscher (Sep 10)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Michael Painter (Sep 11)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Cameron Byrne (Sep 11)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Bjørn Mork (Sep 11)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Joel jaeggli (Sep 11)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates sthaug (Sep 11)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Martin Millnert (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Damian Menscher (Sep 12)