|
For a two hour window yesterday we saw "ocsp.entrust.net" resolving to a CNAME of "ocsp.entrust.net.edgagekey.net" rather than the usual "ocsp.entrust.net.edgekey.net". Did anyone else see this? Fortunately "edgagekey.net" is not a registered domain so these didn't go anywhere. These affected devices were Apple devices attempting to validate various hosts under "push.apple.com". Since Entrust is a certificate authority for Apple, and Apple doesn't appear to have a CAA record, could an attacker have noticed what I presume is a misconfiguration by Entrust or Akamai, registered the edgagekey.net domain, and with some DNS poisoning have delivered signed but fraudulent Apple content? In general, if a CA is delivering OCSP certificate status through a CDN, does that mean they are storing at least an intermediate private key on CDN servers? |
jauntysankey 5 Posts |
| Quote Subscribe |
Jun 10th 2019 5 months ago |
Sign Up for Free or Log In to start participating in the conversation!
