[SSL Observatory] SSL CA compromise in the wild
Steve Schultze
sjs at princeton.edu
Wed Mar 23 08:26:02 PDT 2011
Hey Jacob, in your post you say:
"Mozilla offered some additional information and disclosed that addons.mozilla.org was one of the certificates acquired by the attacker. "
Where did they disclose that? I don't see it in their blog post.
Nice work btw.
Steve
On Mar 23, 2011, at 1:17 AM, Jacob Appelbaum wrote:
> Hi,
>
> I wanted to start a thread about this blog post I just finished writing:
> https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
>
> It seems timely to discuss a new metric for trust that is not a simple
> boolean.
>
> All the best,
> Jake
More information about the Observatory
mailing list