[SSL Observatory] did they generate impostor EV certs?

Jacob Appelbaum jacob at appelbaum.net
Thu Mar 24 15:29:28 PDT 2011


On 03/24/2011 03:19 PM, Hodges, Jeff wrote:
> I note that the legit certs presented by <https://login.live.com/>
> and <https://addons.mozilla.org/> are regarded as EV certs by
> browsers -- are the impostor certs for those two domains also treated
> as EV? Has anyone tested this?
> 

The certs have now been disclosed by Mozilla; Comodo still hasn't
released any more information as far as I've seen.

Here's the Mozilla bug that was opened when Comodo contacted Mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=642395

Here's some of the certs:
https://bugzilla.mozilla.org/attachment.cgi?id=519863

All the best,
Jacob



More information about the Observatory mailing list