[cryptography] Let's go back to the beginning on this

Marsh Ray marsh at extendedsubset.com
Tue Sep 13 15:10:13 EDT 2011


On 09/13/2011 01:31 PM, Seth David Schoen wrote:
> An example from yesterday was
>
> https://www.senate.gov/
>
> which had a valid cert a while ago and then recently stopped.  (Their
> HTTPS support was reported to us as working on June 29; according to
> Perspectives, the most recent change apparently happened on September 9.)

They got hacked by LulzSec back in June, their web software was ancient 
like a time capsule. IIRC, there were a lot of subject-alt names on that 
shared-IP certificate. No doubt the private key was compromised.

It probably took this long to reissue and re-deploy all the sites.

- Marsh



More information about the cryptography mailing list