Paul Hoffman:
> http://news.netcraft.com/archives/2008/06/12/ssl_certificates_vulnerable_to_openssl_flaw_on_debian.html
>
>
> The last paragraph says:
>
> =====
> Although a number of certificate authorities have offered free
> replacement certificates to customers affected by the Debian OpenSSL
> vulnerability, it has been reported that they have not been getting a
> big response. Comodo is offering a free replacement SSL certificate to
> any affected business, regardless of their original provider, while
> VeriSign is offering free reissuance for both SSL certificates and code
> signing certificates. GeoTrust and Thawte also offer free SSL
> certificate reissuance, and RapidSSL certificates can be renewed for
> free at GeoTrust's website.
> =====
>
> No mention of any CA actively contacting affected customers, much less
> revoking any certs.


StartCom has scanned and detected all vulnerable keys and informed the 
affected subscribers. We'll revoke all compromised keys within a short time.

We also updated our FAQ page https://www.startssl.com/?app=25#74 and 
will scan future submissions of CSRs for potential vulnerabilities and 
provide a tool to detect them beforehand at the StartSSL Control Panel.

Even though we represent only a small share of the overall potentially 
affected certificates, the nagging of all of you was not fruitless 
after all :-)


-- 
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Blog:   https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
