[SSL Observatory] did they generate impostor EV certs? (was: SSL CA compromise in the wild)
Erwann ABALEA
eabalea at gmail.com
Thu Mar 24 15:31:08 PDT 2011
They're not EV certificates, the PC OID is not their EV one, and they're
missing subject DN entries.
Le 24 mars 2011 23:19, "Hodges, Jeff" <jeff.hodges at paypal-inc.com> a écrit :
> I note that the legit certs presented by <https://login.live.com/> and <
https://addons.mozilla.org/> are regarded as EV certs by browsers -- are the
impostor certs for those two domains also treated as EV? Has anyone tested
this?
>
> thanks,
>
> =JeffH
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/observatory/attachments/20110324/8f930cee/attachment.html>
More information about the Observatory
mailing list