"Comodo is offering a free replacement SSL certificate to any affected 
business, regardless of their original provider...No mention of any CA 
actively contacting affected customers, much less revoking any certs."

That is now old news.  I'm pleased to announce that...

1. Our systems will now use the very latest blacklists from the 
openssl-blacklist project to identify and reject CSRs with weak keys.  This 
will prevent us from issuing any further certificates with weak keys.

2. We have analyzed all of the unexpired, unrevoked certificates that we've 
issued.  Approximately 1.5% were found to contain weak keys.

3. We have emailed all of our affected customers to:
  i. alert them to the security risk and to offer them a free replacement 
certificate.
  ii. advise them that we plan to revoke all certificates with weak keys soon.

4. We have been monitoring the rate at which customers are replacing their 
installed certificates.  24 hours after emailing them, we estimate that 8% 
had done so.  We will continue to monitor this.

On Friday 13 June 2008 22:19:09 Paul Hoffman wrote:
> http://news.netcraft.com/archives/2008/06/12/ssl_certificates_vulnerable_to_openssl_flaw_on_debian.html
>
> The last paragraph says:
>
> =====
> Although a number of certificate authorities have offered free
> replacement certificates to customers affected by the Debian OpenSSL
> vulnerability, it has been reported that they have not been getting a
> big response. Comodo is offering a free replacement SSL certificate
> to any affected business, regardless of their original provider,
> while VeriSign is offering free reissuance for both SSL certificates
> and code signing certificates. GeoTrust and Thawte also offer free
> SSL certificate reissuance, and RapidSSL certificates can be renewed
> for free at GeoTrust's website.
> =====
>
> No mention of any CA actively contacting affected customers, much
> less revoking any certs.
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto



-- 
Rob Stradling
Senior Research & Development Scientist
Comodo - Creating Trust Online
Office Tel: +44.(0)1274.730505
Fax Europe: +44.(0)1274.730909
www.comodo.com

Comodo CA Limited, Registered in England No. 04058690
Registered Office:
  3rd Floor, 26 Office Village, Exchange Quay,
  Trafford Road, Salford, Manchester M5 3EQ
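
The CSR screening from item 1 and the audit of issued certificates from item 2, as an added example (not part of the original message, and not Comodo's or the openssl-blacklist project's code). It assumes the fingerprint convention of the openssl-blacklist tooling (the last 20 hex characters of the SHA-1 of the `Modulus=...` line printed by `openssl rsa -noout -modulus`) and one list per key size; the function names, moduli and list contents are constructed.

```python
import hashlib

def blacklist_fingerprint(modulus: int) -> str:
    """Assumed convention: last 20 hex chars of SHA-1 over 'Modulus=<HEX>' plus newline."""
    line = "Modulus=%X\n" % modulus          # uppercase hex, no leading zeros
    return hashlib.sha1(line.encode("ascii")).hexdigest()[20:]

def load_blacklist(text: str) -> frozenset:
    """Parse one list: one 20-char hex entry per line, '#' starts a comment line."""
    entries = set()
    for raw in text.splitlines():
        entry = raw.strip().lower()
        if not entry or entry.startswith("#"):
            continue
        if len(entry) != 20 or any(c not in "0123456789abcdef" for c in entry):
            raise ValueError("malformed blacklist entry: %r" % raw)
        entries.add(entry)
    return frozenset(entries)

def screen_key(modulus: int, blacklists: dict) -> str:
    """Decide what to do with the RSA modulus taken from a CSR or certificate."""
    known = blacklists.get(modulus.bit_length())
    if known is None:
        return "review"                      # no list for this key size: do not auto-issue
    return "reject" if blacklist_fingerprint(modulus) in known else "accept"

def weak_fraction(moduli, blacklists) -> float:
    """Share of already-issued keys that appear on a list (the item 2 audit)."""
    moduli = list(moduli)
    weak = sum(1 for n in moduli if screen_key(n, blacklists) == "reject")
    return weak / len(moduli) if moduli else 0.0

# Constructed 1024-bit placeholders: not real RSA moduli, not real blacklist entries.
SAMPLE_WEAK = (1 << 1023) | 0x1234567
SAMPLE_OK = (1 << 1023) | 0x7654321
BLACKLISTS = {1024: load_blacklist(
    "# constructed sample list for 1024-bit RSA keys\n"
    + blacklist_fingerprint(SAMPLE_WEAK) + "\n")}

if __name__ == "__main__":
    for name, n in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK), ("512-bit", (1 << 511) | 1)):
        print(name, screen_key(n, BLACKLISTS))
    print("weak share:", weak_fraction([SAMPLE_WEAK, SAMPLE_OK], BLACKLISTS))
```

A key size with no loaded list returns `review` rather than `accept`, so a missing or stale list cannot silently let a weak key through.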
