[cryptography] another cert failure

Ralph Holz holz at net.in.tum.de
Sat Jan 5 07:55:00 EST 2013


Hi,

On 01/05/2013 12:29 PM, Ben Laurie wrote:
> Unless all the people who saw it happened to be running Chrome, then
> it seems quite likely it was used maliciously, surely?

The problem is that there are many values that both "legitimately" and
"maliciously" can take. Turktrust's argument seems to be that it was
"legitimately" used for SSL interception on a firewall/proxy device.

The SANs in the rogue certs that have been published seem to support
that. Whether SSL interception is good or bad is, unfortunately, open to
debate.

That said - does Google currently hold more rogue certs than the ones
published? Chrome has some other sites pinned, too - is there actually a
list?

Ralph
