[cryptography] yet another certificate MITM attack

Harald Hanche-Olsen hanche at math.ntnu.no
Mon Jan 14 07:28:17 EST 2013


[Harald Hanche-Olsen <hanche at math.ntnu.no> (2013-01-14 12:23:31 UTC)]

> [Ben Laurie <ben at links.org> (2013-01-14 11:04:11 UTC)]
> 
> > How is any CA involved in this?
> 
> I was wondering the same thing. But then [...]

But then I may have responded too quickly: There is no fake
certificate for google.com in there, as you might have expected.
Instead, there is a cert for cloud1.browser.ovi.com.

That puts a whole different spin on it.

- Harald



More information about the cryptography mailing list