Skip to Content [alt-c]

Andrew Ayer

Sections

You are here: Andrew's Site

From the blog

Domain Validation Vulnerability in Symantec Certificate Authority

February 5, 2016

Symantec was disregarding + and = characters in email addresses when parsing WHOIS records, allowing certificate misissuance for domains whose WHOIS contacts contained these characters. The vulnerability has been reported and fixed. Read on for more...

There are three common ways for the requester of a domain-validated SSL certificate to prove control over the domain in the certificate request: add a record to the domain's DNS, publish a file on the domain's website, or respond to an email sent to an administrative address at the domain. The basic idea is that getting a DV certificate should require doing something that ...

Read More...