SSL.com Domain Validation Flaw: Incorrectly Verifying Email Domains

2025-04-19

A domain control validation (DCV) flaw has been reported in SSL.com's issuance system. Under BR 3.2.2.4.14 (Email to DNS TXT Contact), a CA looks up the `_validation-contactemail` TXT record of the domain being validated, emails a random value to the address found there and, once that value is echoed back, may treat the domain that published the record as validated. SSL.com instead recorded the domain of the contact email address as validated. An attacker who controls any domain can therefore publish a TXT record pointing at a mailbox they hold on a shared mail provider and have the provider's domain added to their verified domains. In the reported case, with `[email protected]` as the contact address, SSL.com added `aliyun.com` to the verified list, and the reporter obtained certificates for `aliyun.com` and `www.aliyun.com`. The system failed to distinguish the mailbox's domain from the domain whose DNS record was checked, a serious mis-issuance risk.
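The following is an added model of the Email to DNS TXT Contact flow, written for this page; it is not SSL.com's code or any CA's. DNS and mail are replaced by in-memory tables with constructed sample data, the domain names `attacker.example` and `mailhost.example` are placeholders chosen for the example, and the `buggy` flag switches between recording the mailbox's domain (the reported failure) and recording the domain whose TXT record was queried (the correct behaviour). Subdomains are treated as covered by a validated domain, which is how `www.aliyun.com` followed from `aliyun.com` in the report.

```python
"""Model of the BR 3.2.2.4.14 "Email to DNS TXT Contact" DCV method.

Added example, not SSL.com's code or any CA's. DNS and email are replaced by
in-memory tables holding constructed sample data so the flow runs offline.
Domain names are RFC 2606-style placeholders chosen for this example.
"""
import secrets

# Label under which the BRs require the contact-email TXT record to be published.
CONTACT_LABEL = "_validation-contactemail"


def lookup_contact_email(txt_records, fqdn):
    """Return the email address published in _validation-contactemail.<fqdn>.

    Returns None when no usable record exists; a record that is not a single
    well-formed email address is rejected rather than guessed at.
    """
    values = txt_records.get(f"{CONTACT_LABEL}.{fqdn}", [])
    if len(values) != 1:
        return None
    addr = values[0].strip()
    local, sep, host = addr.rpartition("@")
    if not (local and sep and host) or " " in addr:
        return None
    return addr.lower()


def email_domain(addr):
    """Domain part of an email address: the mailbox provider, never the validated FQDN."""
    return addr.rpartition("@")[2].lower()


class Validator:
    def __init__(self, txt_records):
        self.txt = txt_records
        self.outbox = {}       # address -> list of random values "sent" to it
        self.pending = {}      # random value -> (fqdn under validation, contact address)
        self.verified = set()  # domains a certificate may be issued for

    def start_validation(self, fqdn):
        fqdn = fqdn.lower().rstrip(".")
        addr = lookup_contact_email(self.txt, fqdn)
        if addr is None:
            raise ValueError(f"no {CONTACT_LABEL} record for {fqdn}")
        random_value = secrets.token_urlsafe(24)
        self.pending[random_value] = (fqdn, addr)
        self.outbox.setdefault(addr, []).append(random_value)  # stand-in for sending mail
        return random_value

    def confirm(self, random_value, buggy=False):
        """Complete validation when the contact echoes the random value back."""
        if random_value not in self.pending:
            raise ValueError("unknown or already-used random value")
        fqdn, addr = self.pending.pop(random_value)
        if buggy:
            # The failure the page describes: the domain of the mailbox that
            # answered is recorded as validated, so anyone holding a mailbox at a
            # shared provider can get the provider's domain marked as theirs.
            self.verified.add(email_domain(addr))
        else:
            # Correct: the TXT record under the FQDN is what proves control of the
            # FQDN; the mailbox only proves the applicant can read that contact.
            self.verified.add(fqdn)
        return fqdn

    def is_authorized(self, name):
        """True if name is a verified domain or a subdomain of one."""
        name = name.lower().rstrip(".")
        return any(name == d or name.endswith("." + d) for d in self.verified)


def run_scenario(buggy):
    """Attacker owns attacker.example and a mailbox at the shared provider mailhost.example."""
    txt = {f"{CONTACT_LABEL}.attacker.example": ["intruder@mailhost.example"]}  # constructed
    v = Validator(txt)
    v.start_validation("attacker.example")
    echoed = v.outbox["intruder@mailhost.example"][-1]  # attacker reads their own mailbox
    v.confirm(echoed, buggy=buggy)
    return v


if __name__ == "__main__":
    for buggy in (True, False):
        v = run_scenario(buggy)
        print("buggy" if buggy else "correct", sorted(v.verified),
              "www.mailhost.example authorized:", v.is_authorized("www.mailhost.example"))
```

The check a reviewer of a DCV implementation wants is the one `confirm` makes explicit: the only name that may enter the verified set is the FQDN whose `_validation-contactemail` record was queried, and nothing derived from the contact address itself.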


DigiCert Attempts to Silence Open Discussion of WebPKI Security Issues

2025-02-25

After Sectigo's Chief Compliance Officer, Tim Callan, commented on Bugzilla about DigiCert's certificate practices, DigiCert's lawyers tried to shut the discussion down with the threat of legal action. Sectigo's General Counsel, Brian Holland, responded that Callan's statements were protected under the First Amendment and were meant to foster open debate on important WebPKI issues. Holland argues that DigiCert's actions damage the WebPKI's self-regulatory system and calls for industry attention to prevent similar incidents. The episode raises questions about transparency in the WebPKI and about the responsibilities and rights of companies in public discourse.


Honest Achmed's Hilarious Attempt to Become a Mozilla Root CA

2025-01-18

Honest Achmed, an individual, submitted a request to add his root certificate to Mozilla's trusted store. His application, filled with humor and irony, detailed an ambitious business plan: sell enough certificates to become 'too big to fail', thus sidestepping regulation. Mozilla ultimately rejected the application as invalid, but the Bugzilla thread sparked a lively discussion amongst developers, filled with jokes and commentary on the state of the CA industry.
