[144438] in North American Network Operators' Group
Re: Microsoft deems all DigiNotar certificates untrustworthy,
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Sep 12 04:40:42 2011
To: Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: Your message of "Sun, 11 Sep 2011 22:01:47 EDT."
<CAL9jLaZL8UygQjjcvaCbpW0qBqnSrygJb6HQTK4gh=NH45aCAg@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 12 Sep 2011 04:39:23 -0400
Cc: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sun, 11 Sep 2011 22:01:47 EDT, Christopher Morrow said:

> If I have a thawte cert for valdis.com on host A and one from comodo
> on host B... which is the right one?

You wouldn't have 2 certs for that... I'd have *one* cert for that. And if when
you got to the IP address you were trying to reach, the cert didn't validate as
matching the hostname, you know something fishy is up.

And if you *do* have two certs for it, I'd like to talk to the bozos at
Thawte and Comodo who obviously didn't check the paperwork. ;)