[SSL Observatory] did they generate impostor EV certs?
Sid Stamm
sid at mozilla.com
Thu Mar 24 15:27:05 PDT 2011
As far as I can tell, the certs in question do not contain the
Comodo/Usertrust EV OID (1.3.6.1.4.1.6449.1.2.1.5.1), and thus should
not be treated as EV in browsers.
-Sid
On 03/24/2011 03:19 PM, Hodges, Jeff wrote:
> I note that the legit certs presented by <https://login.live.com/>
> and <https://addons.mozilla.org/> are regarded as EV certs by
> browsers -- are the impostor certs for those two domains also treated
> as EV? Has anyone tested this?
>
> thanks,
>
> =JeffH
More information about the Observatory
mailing list