As an update (not that anybody really cares :) )
The key has been updated and also verifies again.
Fun detail is that they updated all the signatures too, which is partially good as at least one can verify them; one cannot know for sure when they updated it (well, except for folks like me who pull the directory and git and keep a watch on it that way).
Greets, Jeroen
--
On 20210331, at 16:53, Jeroen Massar jeroen@massar.ch wrote:
As it is 1 April tomorrow, some things expired yesterday:
Not After : Mar 30 13:28:58 2021 GMT
That thing is.... the COMLOT key to verify those Geldspielgesetz keys for their fun list of worldwide casinos: https://blacklist.comlot.ch/comlot_blacklist.txt
see full cert details below.
You can get the key with or attached:
$ wget -vS https://blacklist.comlot.ch/blacklist.comlot.ch.pub
--2021-03-31 16:50:00-- https://blacklist.comlot.ch/blacklist.comlot.ch.pub
Resolving blacklist.comlot.ch (blacklist.comlot.ch)... 194.187.88.5
Connecting to blacklist.comlot.ch (blacklist.comlot.ch)|194.187.88.5|:443... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
  Server: nginx/1.14.2
  Date: Wed, 31 Mar 2021 14:50:01 GMT
  Content-Type: application/octet-stream
  Content-Length: 2927
  Connection: keep-alive
  Last-Modified: Wednesday, 31-Mar-2021 14:50:01 GMT
  Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
  Strict-Transport-Security: max-age=15768000
  Accept-Ranges: bytes
Length: 2927 (2.9K) [application/octet-stream]
Saving to: ‘blacklist.comlot.ch.pub’

blacklist.comlot.ch.pub 100%[==========================================================>] 2.86K --.-KB/s in 0s

2021-03-31 16:50:01 (558 MB/s) - ‘blacklist.comlot.ch.pub’ saved [2927/2927]
Funny that nginx claims the file changed... the moment I downloaded it, bit strange for a static file.
Anybody have contacts at COMLOT? As technically speaking, we should not be updating the list anymore into RPZ now; the process I have is thus stuck at the list from yesterday.... (not that it matters, with such a nice list, a bit of VPN and/or simply choosing any non-provider DNS server and voila... bypassed the law.... you know, Their Law!)
https://www.youtube.com/watch?v=zKNoU2P0dQc
Enjoy!
Greets, Jeroen
--
$ openssl x509 -in blacklist.comlot.ch.pub -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:5d:a4:eb:83:eb:a0:a3:be:97:59:c9:56:9b:28:e9
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = CH, O = SwissSign AG, CN = SwissSign CH Person Platinum CA 2017 - G22, organizationIdentifier = NTRCH-CHE-109.357.012
        Validity
            Not Before: Mar 30 13:28:58 2020 GMT
            Not After : Mar 30 13:28:58 2021 GMT
        Subject: C = CH, L = Bern, ST = BE, organizationIdentifier = NTRCH-CHE-196.380.112, O = Lotterie- und Wettkommission Comlot, CN = Lotterie- und Wettkommission Comlot
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                1B:2B:A0:91:2C:6F:2B:92:49:EC:96:04:BD:1C:8D:36:35:45:4D:76
            X509v3 Authority Key Identifier:
                keyid:1E:C8:04:6D:FB:72:62:51:60:A2:73:24:6F:BE:F2:5F:4D:34:92:FC
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.swisssign.net/1EC8046DFB72625160A273246FBEF25F4D3492FC
                Full Name:
                  URI:ldap://directory.swisssign.com/CN=1EC8046DFB72625160A273246FBEF25F4D3492FC%2CO=SwissSign%20AG%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint
            X509v3 Certificate Policies:
                Policy: 2.16.756.1.89.1.1.1.1.10
                  CPS: https://repository.swisssign.com/SwissSign-Platinum-CP-CPS.pdf
                  User Notice:
                    Explicit Text: regulated certificate
                Policy: 0.4.0.194112.1.3
            Authority Information Access:
                CA Issuers - URI:http://swisssign.net/cgi-bin/authority/download/1EC8046DFB72625160A273246FBEF25F4D3492FC
                OCSP - URI:http://platinum-g2.ocsp.swisssign.net/1EC8046DFB72625160A273246FBEF25F4D3492FC
            qcStatements:
                0c0......F..0B.....F..08.2https://repository.swisssign.com/SwissSign-PDS.pdf..en0......F..0......F...
    Signature Algorithm: sha256WithRSAEncryption
<blacklist.comlot.ch.pub>
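The gate the mail describes for the RPZ import (stop importing once the signing certificate is past its Not After, otherwise verify the list against it), as an added example that is not part of the original mail or of COMLOT's tooling. It assumes a detached SHA-256/RSA signature file, which the mail does not specify; the function names, file names and sample data are constructed.

```shell
#!/bin/sh
# Added example, not from the original mail. Assumes a detached SHA-256/RSA
# signature file; the mail does not say which signature format is used.

# cert_valid CERT [SECONDS]: success if CERT is still valid SECONDS from now.
cert_valid() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# sig_valid CERT LIST SIG: success if SIG verifies over LIST with CERT's key.
sig_valid() {
    _pub=$(mktemp) || return 2
    if openssl x509 -in "$1" -noout -pubkey >"$_pub" 2>/dev/null &&
       openssl dgst -sha256 -verify "$_pub" -signature "$3" "$2" >/dev/null 2>&1
    then
        _rc=0
    else
        _rc=1
    fi
    rm -f "$_pub"
    return "$_rc"
}

# gate CERT LIST SIG [WARN_SECONDS]: print one decision word.
#   expired  -> do not import, keep serving the previous list
#   badsig   -> do not import
#   expiring -> import, but the signer certificate ends within WARN_SECONDS
#   ok       -> import
gate() {
    cert_valid "$1" 0 || { echo expired; return 1; }
    sig_valid "$1" "$2" "$3" || { echo badsig; return 1; }
    cert_valid "$1" "${4:-0}" || { echo expiring; return 0; }
    echo ok
}

# make_sample DIR: constructed test data (throwaway key, 1-day certificate,
# two-line list, detached signature). Nothing here comes from COMLOT.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed signer" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1 &&
    printf 'casino-a.example\ncasino-b.example\n' >"$1/list.txt" &&
    openssl dgst -sha256 -sign "$1/key.pem" -out "$1/list.sig" "$1/list.txt"
}
```

Running gate with a warning window of a few weeks turns the expiry into an alert before the import has to stop.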