Technology Today

The Let's Encrypt project has announced that it will revoke more than three million TLS certificates after a bug was discovered in its Certification Authority Authorization (CAA) code. The bug impacts the server software used by Let's Encrypt, called Boulder, which allows the project to verify users and their domains before a TLS certificate can be issued.

Let's Encrypt has decided to revoke the TLS certificates because the implementation of the CAA specification inside Boulder was affected by the bug. CAA is a security standard that was approved back in 2017. It allows domain owners to prevent the organizations that issue TLS certificates, called Certificate Authorities (CAs), from issuing certificates for their domains. By adding a CAA field to a domain's DNS records, a domain owner can make it so that only the CA listed in the CAA field has the ability to issue a TLS certificate for their domain.

Certificate Authorities, such as Let's Encrypt, are required to follow the CAA specification exactly or they could risk facing penalties from browser makers. After becoming aware of the issue, Let's Encrypt engineer Jacob Hoffman-Andrews disclosed in a forum post that a bug in Boulder had led the server software to ignore CAA checks, saying:

"The bug: when a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let's Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let's Encrypt."

The Let's Encrypt project worked quickly to patch the bug over the weekend and Boulder is now able to verify CAA fields properly before issuing any new certificates. Thankfully, it is very unlikely that someone exploited the bug, according to the project.

As of today, the Let's Encrypt project has revoked all of the certificates that were issued without proper CAA checks. Now all of the impacted certificates will trigger security errors in browsers until domain owners make a request for a new TLS certificate to replace the old one.

Via ZDNet
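The behaviour described in the forum post (N names needing a recheck, one name checked N times) can be reproduced in a few lines of Go, the language Boulder is written in. This is an added illustration, not Boulder's code: the article does not say how the bug arose, so the shared-variable pointer below is an assumed cause, and the CAA data, domain names and function names are constructed for the example.

```go
package main

import "fmt"

const ourCA = "letsencrypt.org"

// Constructed CAA "issue" records (one CA per name); no entry means no CAA records.
var caa = map[string]string{
	"a.example": ourCA,
	"b.example": "other-ca.example", // set after validation, excludes ourCA
}

// allowed reports whether ourCA may issue for name under the records above.
func allowed(name string) bool {
	issuer, ok := caa[name]
	return !ok || issuer == ourCA
}

// recheckBuggy queues pointers to one shared variable, so every queued check sees the last name.
func recheckBuggy(names []string) (checked []string, ok bool) {
	var cur string
	var queue []*string
	for _, n := range names {
		cur = n
		queue = append(queue, &cur)
	}
	ok = true
	for _, p := range queue {
		checked = append(checked, *p)
		ok = ok && allowed(*p)
	}
	return checked, ok
}

// recheckFixed checks each requested name by value.
func recheckFixed(names []string) (checked []string, ok bool) {
	ok = true
	for _, n := range names {
		checked = append(checked, n)
		ok = ok && allowed(n)
	}
	return checked, ok
}

func main() {
	names := []string{"b.example", "a.example"}
	fmt.Println(recheckBuggy(names)) // [a.example a.example] true
	fmt.Println(recheckFixed(names)) // [b.example a.example] false
}
```

Comparing the list of names actually checked against the list requested, as the two return values allow here, is a cheap invariant that catches this class of bug in tests.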




