NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Unauthorized digital certificates detected by Google

Unauthorized digital certificates detected by Google

http://j.mp/1daroQZ  (Google Online Security Blog)

   "Late on December 3rd, we became aware of unauthorized digital
    certificates for several Google domains. We investigated immediately
    and found the certificate was issued by an intermediate certificate
    authority (CA) linking back to ANSSI, a French certificate authority.
    Intermediate CA certificates carry the full authority of the CA, so
    anyone who has one can use it to create a certificate for any website
    they wish to impersonate.  In response, we updated Chrome's
    certificate revocation metadata immediately to block that intermediate
    CA, and then alerted ANSSI and other browser vendors. Our actions
    addressed the immediate problem for our users ..."

 - - -

Another sign of the rotting Public Key Infrastructure that forces
Google and other innocent parties to pick up after the PKI's mess with
increasing frequency.

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein 
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
nnsquad mailing list