[SSL Observatory] did they generate impostor EV certs?
Jacob Appelbaum
jacob at appelbaum.net
Thu Mar 24 15:29:28 PDT 2011
On 03/24/2011 03:19 PM, Hodges, Jeff wrote:
> I note that the legit certs presented by <https://login.live.com/>
> and <https://addons.mozilla.org/> are regarded as EV certs by
> browsers -- are the impostor certs for those two domains also treated
> as EV? Has anyone tested this?
>
The certs have now been disclosed by Mozilla; Comodo still hasn't
released any more information as far as I've seen.
Here's the Mozilla bug that was opened when Comodo contacted Mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=642395
Here's some of the certs:
https://bugzilla.mozilla.org/attachment.cgi?id=519863
All the best,
Jacob
More information about the Observatory
mailing list