(In reply to Nelson Bolyard (seldom reads bugmail) from comment #0) > Today, in https://blog.startcom.org/?p=145 and in > http://groups.google.com/group/mozilla.dev.tech.crypto/browse_frm/thread/ > 9c0cc829204487bf > https://blog.startcom.org/wp-content/uploads/2008/12/screenshot-certificate- > viewerwwwmozillacom.png > https://blog.startcom.org/wp-content/uploads/2008/12/screenshot-certificate- > viewerwwwmozillacom-1.png > Eddy Nigg reported that he had obtained an SSL server certificate for the > domain www.mozilla.com. The certificate was said to appear valid in the > current Firefox browser, for a time. According to the screen shots > provided, > the certificate said on its face that it was "Domain Control Validated". > However, since Eddy is not known to control the mozilla.com domain, such a > claim seems dubious. > > I filed this bug so there would be a place for the investigation and any > subsequent actions (if any) to be recorded.
dd(In reply to Eddy Nigg (StartCom) from comment #3) > I hold the corresponding private key of this CSR. what is this ? can i use it in my website (https://sakhtemooon24.ir/)? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/310999 Title: comodo seen issuing certificates unwisely Status in NSS: Fix Released Status in ca-certificates package in Ubuntu: Invalid Status in nss package in Ubuntu: Won't Fix Status in ca-certificates source package in Dapper: Invalid Status in nss source package in Dapper: Won't Fix Status in ca-certificates source package in Gutsy: Invalid Status in nss source package in Gutsy: Won't Fix Status in ca-certificates source package in Hardy: Invalid Status in nss source package in Hardy: Won't Fix Status in ca-certificates source package in Intrepid: Invalid Status in nss source package in Intrepid: Won't Fix Status in ca-certificates source package in Jaunty: Invalid Status in nss source package in Jaunty: Won't Fix Bug description: http://blog.startcom.org/?p=145 Comodo, or one of its resellers, has been observed selling certificates without serious domain control checks or other verification. There should be some consideration for removing the impacted CA certificate from ca-certificates and other related packages in the near future, considering the possibility of other fake certificates. I wish the site above had more details, but obviously a 'how to get your own cert like this' is just asking for trouble. To manage notifications about this bug go to: https://bugs.launchpad.net/nss/+bug/310999/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
