[SSL Observatory] New bad Google MITM cert
Gervase Markham
gerv at mozilla.org
Tue Dec 10 03:31:35 PST 2013
On 09/12/13 12:42, Ralf Skyper Kaiser wrote:
> I added the incident to https://wiki.thc.org/ssl#OtherIncidents
This is incorrectly listed - the heading here is "Other leading Root
Certification Authorities had security breaches, some of them allowed
the attacker to issue valid certificate for any domain."
As far as anyone is aware, there was no attack on the CA and no security
breach in this case. You either need to change the heading, or remove
ANSSI and TurkTrust and Trustwave from the list.
> Will there be more public information available?
The Mozilla bug is now open:
https://bugzilla.mozilla.org/show_bug.cgi?id=946351
and Google has published most of the cert chain:
https://www.imperialviolet.org/binary/anssi-chain.txt
Gerv
More information about the Observatory
mailing list