Skip to Content.
Sympa Menu

netsec-sig - [Security-WG] Let's Encrypt revoking certain certs today (4 March 2020)

Subject: Internet2 Network Security SIG

List archive

[Security-WG] Let's Encrypt revoking certain certs today (4 March 2020)


Chronological Thread 
  • From: "Seesink, Frank" <>
  • To: "" <>
  • Subject: [Security-WG] Let's Encrypt revoking certain certs today (4 March 2020)
  • Date: Wed, 4 Mar 2020 14:33:01 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=unc.edu; dmarc=pass action=none header.from=unc.edu; dkim=pass header.d=unc.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zO9RtnFjrtgDtDCxSsVwEPfVrD54btaTPsAgS74+C6s=; b=Km9Y+hCFQrEGCK5vbB7nU3e8kdRDls/9HS41+xPvnRXqFMjdS9lNthukRxMwbhEmdk9YcHhD5TZH6P+7fM39v9imCI/I/CaigyGQMX6k6KvwceJji/Pw0wWPIN0z8AhLuWIb+s0D35K+ZSmByM6N4HujSVVl6N6ALluiQkh3mLO99MP623fXKg4KIIlgjTZMVF6Jlowxx4+V/ThOE1oJtbvD7P46mUKeGkpIJK5F8/8s2LOSOVWmn2TGfq66QAfKVKl1FpMHjI2URriSWvkAXN7wlY7ciFfeqSakxiDlNJxUK5aIcMWVWTVxUQQL7XBxrwafMRzSOk4x17G+s1js3w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KHSrfCtIaqLVhoO5y0DHsw0dccXev2dj9hK9eIea2tN+YPlC+uSQdctdRj2dB2q4m3v9qwj0nFUwYPuwEX+u13Ex1maJbSR+I9D/zN9SlUY6I3PkvDg0+AfokJ/sL8E3lJv8hAmhxkBXiZLRZk3Nkj+kAaMdAjX0Z7RoVhJfNiugP0dpJt3bgFi+yCz+2jVMxmD1E4azvv4KacK2BwbqPzi+1hMtP2LqVmS8AzRkc/eE8LmW0zcmrehQVmEdN/qZ7eqdD5CPMHsKLoxgpSPbPSdwwgYF/HHhaoT+OJaldmDchXIWREg6pgkQ9EdXlxokIj/fpzX5/66K92oH3M667w==

Just in case anyone didn’t see this:


If you or someone you know uses Let’s Encrypt, they may want to manually force a recert.


Frank Seesink
Senior Network Engineer
ITS Communication Technologies
UNC-Chapel Hill | ITS Franklin, Office 1006
+1 919.445.0844

On Mar 3, 2020, at 2:22 PM, Adair Thaxton <> wrote:

I hope everyone enjoyed their extra day of February.  Did you get candy from Leap Day William?  (Any other 30 Rock fans?  Just me?)

Jeff Bartig and I spoke with Google at NANOG, for an update on IRR filtering.  Right now they're in a "marking and reporting" phase.  Their plan is that in 2-3 months, they'll start de-prefing routes missing proper IRR records, and around September they'll start dropping them.  It's important to note that by "dropping", they mean that traffic will take a commodity transit path, not via Internet2 or any other peering path.

How has coronavirus impacted your networks?  When was the last time you updated your VPN software, and VPN client software?  Are you prepared for the possibility of a largely remote workforce?  Zoom has temporarily lifted the 40-minute limit for free users in China (https://www.businessinsider.com/coronavirus-covid-19-spread-zoom-video-lift-call-limit-2020-2).  Webex has also lifted the time limit restriction and is offering free 90-day licenses (https://blog.webex.com/video-conferencing/cisco-webex-supporting-customers-during-this-unprecedented-time).

We continue to work on BGP Flowspec, and have deployed an internal portal for rule instantiation and monitoring.  We're also finishing up configs on the route reflector.

Greg Grimes asked in the NTAC slack channel if anyone is doing TLS1.3 decryption.  His CISO is interested in it, and hasn't found the price of capable boxes to be a deterrent.  Can anyone add any practical experience with this?

This month's link in the category of "things that may interest only me" is that corp.com is up for sale, and that could be bad.  https://krebsonsecurity.com/2020/02/dangerous-domain-corp-com-goes-up-for-sale/

Adair




Archive powered by MHonArc 2.6.19.

Top of Page