[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Microsoft deems all DigiNotar certificates untrustworthy, releases updates
- Subject: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
- From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
- Date: Mon, 12 Sep 2011 04:39:23 -0400
- In-reply-to: Your message of "Sun, 11 Sep 2011 22:01:47 EDT." <CAL9jLaZL8UygQjjcvaCbpW0qBqnSrygJb6HQTK4gh=NH45aCAg@mail.gmail.com>
- References: <[email protected]> <[email protected]> <CAL9jLaZL8UygQjjcvaCbpW0qBqnSrygJb6HQTK4gh=NH45aCAg@mail.gmail.com>
On Sun, 11 Sep 2011 22:01:47 EDT, Christopher Morrow said:
> If I have a thawte cert for valdis.com on host A and one from comodo
> on host B... which is the right one?
You wouldn't have 2 certs for that... I'd have *one* cert for that. And if when
you got to the IP address you were trying to reach, the cert didn't validate as
matching the hostname, you know something fishy is up.
And if you *do* have two certs for it, I'd like to talk to the bozos at
Thawte and Comodo who obviously didn't check the paperwork. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110912/86044849/attachment-0001.bin>