ca-certificates

Unnamed repository; edit this file 'description' to name the repository.

git clone https://anongit.hacktivis.me/git/ca-certificates.git/
commit: ae82d4612a0299c1f6e8d7977439caaee4d548f3
parent 045eeb36700c783095f9cf6bcad380d6da470081
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Sun, 11 Aug 2024 10:47:45 +0200

RejectedCertificatesAutorities.md: Reject ZeroSSL (COMODO)

Diffstat:

M RejectedCAs.md | 18 ++++++++++++++++++
1 file changed, 18 insertions(+), 0 deletions(-)

diff --git a/RejectedCAs.md b/RejectedCAs.md @@ -3,3 +3,21 @@ - Appears to still support non-standard verifications - <https://www.globalsign.com/en/custom-ca-private-pki> seems to allow man-in-the-middle ("SSL/TLS Inspection/Decryption") which should only be done with a special non-trusted certificate - Cross-signs other CAs, which while interesting for allowing new CA, ultimately means having to trust all the cross-signed CAs + +## COMODO + +Brands: +- Francisco Partners Management, L.P. +- Xcitium +- Sectigo +- CodeGuard + +Or Sectigo with their re-branding. + +Notorious in terms of controversies, shouldn't be present in any decent CA list. <https://en.wikipedia.org/wiki/Comodo_Cybersecurity> + +## ZeroSSL + +The certificate they use <https://crt.sh/?caid=158799> is a child certificate of Sertigo/COMODO. + +Looks very suspicious, normally a new CA should only get cross-signed.
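
Review bot: In the new ZeroSSL section, "Sertigo/COMODO" does not match the "Sectigo" spelling used in the Brands list a few lines earlier, so anyone searching the file for the brand name will miss this entry; it should read "Sectigo/COMODO". The rationale in the same section ("Looks very suspicious, normally a new CA should only get cross-signed.") does not say what the objection actually is. The GlobalSign entry above it lists concrete behaviours, so this one should state whether the reason is simply that the certificate at crt.sh caid 158799 chains to the rejected COMODO hierarchy, or something about how that child certificate was issued. In the COMODO section, "Or Sectigo with their re-branding." repeats an item already in the Brands list and can be folded into it, and the rejection rests on one Wikipedia link with no named incident; listing the specific controversies relied on would make the entry reviewable in the same way as the GlobalSign bullets. The commit subject also names RejectedCertificatesAutorities.md while the diff modifies RejectedCAs.md.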