Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug

    Date04 Mar 2020
    CategoryCryptography
    565
    Posted ByBrittany Day
    Lets Encrypt Certificate Revocation

    The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software.

    The bug, which Let's Encrypt confirmed on February 29 and was fixed two hours after discovery, impacted the way it checked the domain name ownership before issuing new TLS certificates.

    As a result, the bug opened up a scenario where a certificate could be issued even without adequately validating the holder's control of a domain name.

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"48","type":"x","order":"1","pct":88.89,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"4","type":"x","order":"2","pct":7.41,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"2","type":"x","order":"3","pct":3.7,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.