<div dir="ltr"><div><div><div>Hi,<br><br></div>are any details available about the SSL Proxy product or device vendor?<br><br>(Why did mozilla (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=946351">https://bugzilla.mozilla.org/show_bug.cgi?id=946351</a>) remove the information<br>
about the device vendor from the bugtracker? I'm just curious and forwarding questions I got from reporters).<br><br></div><div>The comments also mention "..although it is odd that the certificate was observed outside of France". Are any more details available?<br>
<br></div><div>At which location was the SSL Proxy used and which Internet traffic was affected?<br></div><br></div>thanks & regards,<br><br>ralf<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Dec 9, 2013 at 8:42 PM, Ralf Skyper Kaiser <span dir="ltr"><<a href="mailto:skyper@thc.org" target="_blank">skyper@thc.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Incredible.<br><br></div><div>I added the incident to <a href="https://wiki.thc.org/ssl#OtherIncidents" target="_blank">https://wiki.thc.org/ssl#OtherIncidents</a><br>
<br>Also updated <a href="https://wiki.thc.org/ssl#BrowserManufactureFailedUs" target="_blank">https://wiki.thc.org/ssl#BrowserManufactureFailedUs</a><br>
<br>And while at it <a href="https://wiki.thc.org/ssl#EtisalatBreach" target="_blank">https://wiki.thc.org/ssl#EtisalatBreach</a> (which is a prime example of a Bad Player who we are all forced to trust).<br></div><div><br>
</div>The posting mentions "[..] we are
carefully considering what additional actions may be necessary." <br><br></div>Are there any details available?<br><br></div>Is anyone doing an investigation?<br><br>Will there be more public information available?<br>
<br><br></div><div>Seth: great work. Thanks.<br><br></div>regards,<br><br>skyper<br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Dec 7, 2013 at 10:05 PM, Seth Schoen <span dir="ltr"><<a href="mailto:schoen@eff.org" target="_blank">schoen@eff.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><a href="http://googleonlinesecurity.blogspot.com/2013/12/further-improving-digital-certificate.html" target="_blank">http://googleonlinesecurity.blogspot.com/2013/12/further-improving-digital-certificate.html</a><br>
<br>
They caught it with pinning. I wonder if we have a sample; it sounds<br>
like it was an extremely small-scale attack (a single organization got<br>
an intermediate chaining to a publicly-trusted root in order to spy on<br>
employees with its firewall?). If that was the entire scope of it,<br>
it's relatively unlikely that anyone in that organization is sending<br>
observations to us, maybe depending on how large the organization is<br>
and whether they prevent desktop users from installing third-party<br>
software.<br>
<span><font color="#888888"><br>
--<br>
Seth Schoen <<a href="mailto:schoen@eff.org" target="_blank">schoen@eff.org</a>><br>
Senior Staff Technologist <a href="https://www.eff.org/" target="_blank">https://www.eff.org/</a><br>
Electronic Frontier Foundation <a href="https://www.eff.org/join" target="_blank">https://www.eff.org/join</a><br>
815 Eddy Street, San Francisco, CA 94109 <a href="tel:%2B1%20415%20436%209333%20x107" value="+14154369333" target="_blank">+1 415 436 9333 x107</a><br>
</font></span></blockquote></div><br></div>
</div></div></blockquote></div><br></div>