[SSL Observatory] Witnessed Google certificate change again (includes details like certs, CRL...)
Peter Eckersley
pde at eff.org
Wed Jan 19 17:59:10 PST 2011
On Wed, Jan 19, 2011 at 05:43:28PM -0700, Steingruebl, Andy wrote:
> > -----Original Message-----
> > From: pde at eff.org [mailto:pde at eff.org]
> >
> > Also of potential interest are the certs for google.com domains that the
> > Observatory doesn't think are valid in Firefox/IE. There are some attack certs
> > in here...
>
> Please define "attack certs"
Sorry for using a fuzzy term. I mean certs that attempt to persuade browsers
that somebody who isn't Google Inc, is google.com. For instance, attempts to
craft something a browser would regard as valid (eg row 30), or a cert that
might fool somebody into clicking through a cert warning (eg row 48) or
something that looks like it might be used on a proxy that interposes itself
into SSL connections (eg row 63).
--
Peter Eckersley pde at eff.org
Senior Staff Technologist Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the Observatory
mailing list