[cryptography] yet another certificate MITM attack

Jeffrey Walton noloader at gmail.com
Mon Jan 14 07:39:19 EST 2013


On Mon, Jan 14, 2013 at 7:23 AM, Harald Hanche-Olsen
<hanche at math.ntnu.no> wrote:
> [Ben Laurie <ben at links.org> (2013-01-14 11:04:11 UTC)]
>
>> How is any CA involved in this?
>
> I was wondering the same thing. But then I went back to the first post
> of this series, which mentions [1] as the primary source. The actual
> evidence is seen in [2], linked to from [1].
>
> [1] http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/
> [2] http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/nokia-certs/
I could be wrong, but I believe Ben was alluding to "did a CA issue a
certificate for a domain outside the control of the operator." I could
not find evidence of it from the blog, and I don't have service that
allows me to test it. So far, I've only seen certificates for that
cloud service. Otherwise, I would have gone for the jugular.

Jeff



More information about the cryptography mailing list