Russian Censor Bans Comodo... Doesn't Realize Its Own Security Certificate Is From Comodo

from the ow!-my-foot!-shot-it-right-off! dept

The Russian government's state censorship organization, Roskomnadzor (technically its telecom regulator) has been especially busy lately as the government has continued to crack down on websites it doesn't like. However, as pointed out by Fight Copyright Trolls, it appears that Roskomnadzor may have gone a bit overboard recently, in response to a court ruling that had a massive list of sites to be banned (over a thousand pages). Apparently, as part of that, various sites associated with Comodo were all banned. That's pretty bad for a variety of reasons, starting with the fact that Comodo remains one of the most popular issuers of secure certificates for HTTPS.

In fact, as many quickly noted, Roskomnadzor's own website happens to be secured with a certificate from... Comodo:
It's not entirely clear the impact of this, but the Rublacklist site appears to be implying (via my attempt at understanding Google translate's translation...) that this also means that sites that rely on Roskomnadzor's registry of sites to block... may be blocked from accessing the list. Because its own site is effectively blocked by the list. Oops.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ban list, censorship, https, roskomnadzor, russia, security certificate, ssl
Companies: comodo


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Skeeter, 26 Jul 2016 @ 3:13pm

    Trust Certificates, really?

    The grander humor to all of this is the idea of a 'Trust Certificate' to begin with. Have any commenting actually looked at what it takes to get a 'trust' certificate? Ever wonder why the new fad is to 'revoke previously issued Trust Certificates'?

    It's because Comodo, like a LOT of other CA's have done their best to emulate the BBB, and sell Trust Certificates to most anyone with a phone and a credit card! Now, they find out (after the horse is out of the barn) that a LOT of those certs they sold went to: Russian Mafia, unknown government entities and more. Now, they want to 'revoke' them, and 'legitimately scrutinize' who's actually buying them. Layman's terms: OOPS!

    So, before you think it's funny that these 'certificates' are revoked, or the CA is now black-listed, maybe, just maybe you need to understand that it doesn't take a 'little green padlock' in the URL bar to get someone to visit your site anymore than a 'little green padlock' missing will stop them.

    You don't go to websites you don't mean to, and you default to trusting sites you go to without looking whether there is a padlock in that URL bar when you do. If money or personal ID aren't 'in-transit', few care, and fewer look.

    Hey, I thought everyone wanted to be in the 'cloud' nowdays with their G-Strings showing? I thought everyone wanted to go 'no privacy', and that Google-NSA was a good thing, remember?

    In reality, CA's are like ISO certification for manufacturing. In reality, it doesn't make a better product, it makes a mediocre product cost more, and in most instances, bankrupts smaller companies in the end. Same with CA's - it's a scam to start with.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.