This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[members-discuss] Charging scheme 2025 proposal (logarithmic)
- Previous message (by thread): [members-discuss] Charging scheme 2025 proposal (logarithmic)
- Next message (by thread): [members-discuss] Charging scheme 2025 proposal (logarithmic)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andrey Korolyov
andrey at xdel.ru
Tue Apr 16 21:44:53 CEST 2024
On Tue, Apr 16, 2024 at 10:30 PM Kaj Niemi <kajtzu at basen.net> wrote: > > Hi, > > > Both RIPE and their CDN seem to use DNSSEC. > > Indeed, the CDN utilizes LE as the issuing CA. The LE does publish the list of issued certificates as part of Certificate Transparency, as far as I know the list is public and can be consumed by anyone. > > Is there some specific concern you're thinking of? > > > > Kaj Yes, there is a simple way for circumventing the issuing procedure of LE certificates when an actor is able to act as man-in-the-middle, see [1] for example. Theoretical assumptions of the same kind of attack circulated around security-related communities since beginning of LE deployment and it's quite strange to see the org with annual budget of tens on M$ using zero-liability CA for the primary web resource. 1. https://therecord.media/jabber-ru-alleged-government-wiretap-expired-tls-certificate
- Previous message (by thread): [members-discuss] Charging scheme 2025 proposal (logarithmic)
- Next message (by thread): [members-discuss] Charging scheme 2025 proposal (logarithmic)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]