[SSL Observatory] New bad Google MITM cert

Ralf Skyper Kaiser skyper at thc.org
Tue Dec 10 03:40:32 PST 2013


Hi, thanks for pointing this out. The list grew over time and the heading
is no longer correct. I now changed it to:

"Other Root Certification Authorities had security breaches or allowed the
abuse (willingly or unwillingly) of the ROOT CA Key for spying purposes."

regards,

skyper



On Tue, Dec 10, 2013 at 11:31 AM, Gervase Markham <gerv at mozilla.org> wrote:

> On 09/12/13 12:42, Ralf Skyper Kaiser wrote:
> > I added the incident to https://wiki.thc.org/ssl#OtherIncidents
>
> This is incorrectly listed - the heading here is "Other leading Root
> Certification Authorities had security breaches, some of them allowed
> the attacker to issue valid certificate for any domain."
>
> As far as anyone is aware, there was no attack on the CA and no security
> breach in this case. You either need to change the heading, or remove
> ANSSI and TurkTrust and Trustwave from the list.
>
> > Will there be more public information available?
>
> The Mozilla bug is now open:
> https://bugzilla.mozilla.org/show_bug.cgi?id=946351
>
> and Google has published most of the cert chain:
> https://www.imperialviolet.org/binary/anssi-chain.txt
>
> Gerv
>