nanog mailing list archives

Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

From: Heinrich Strauss <heinrich () hstrauss co za>
Date: Sat, 10 Sep 2011 10:47:02 +0200

On 2011/09/10 05:06, Michael DeMan wrote:

Sorry for being ignorant here - I have not even been aware that it is possible to buy a '*.*.com' domain at all.

I though wildcards were limited to having a domain off a TLD - like '*.mydomain.tld'.

Given a private network and the need to monitor it in a privatecompany[1], we generated a certificate like this for internal use signedby a company-internal trusted certificate authority.

Also, given the Subject Alternative Name extension, it is quite possibleto generate a "godmode" certificate for gracefully redirecting proxiedHTTPS requests to an "Access Denied" page or evennefarious-purpose-logging machine.


-H.

[1] http://en.wikipedia.org/wiki/Lawful_interception

Current thread:

Microsoft deems all DigiNotar certificates untrustworthy, releases updates Network IP Dog (Sep 07)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Alexander Harrowell (Sep 07)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Marcus Reid (Sep 09)
  - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Paul (Sep 09)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Michael DeMan (Sep 09)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Dan White (Sep 09)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Heinrich Strauss (Sep 10)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Jimmy Hess (Sep 10)
  - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Jimmy Hess (Sep 09)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Damian Menscher (Sep 10)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Michael Painter (Sep 11)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Cameron Byrne (Sep 11)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Bjørn Mork (Sep 11)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Joel jaeggli (Sep 11)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates sthaug (Sep 11)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Martin Millnert (Sep 12)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Damian Menscher (Sep 12)

(Thread continues...)