LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fraudulent *.google.com certificate issued

Fraudulent *.google.com certificate issued

Posted Aug 30, 2011 6:46 UTC (Tue) by imphil (guest, #62487)
In reply to: Fraudulent *.google.com certificate issued by cesarb
Parent article: Fraudulent *.google.com certificate issued

They are blacklisting by name and even disallowing overrides for older certs, see http://groups.google.com/group/mozilla.dev.security.polic...

"The
current patches to Mozilla products will blacklist all DigiNotar-issued
certificates based on "CN=DigiNotar " in the certificate issuer. Users
will be able to add a certificate override for DigiNotar-issued
certificates that have a notBefore date prior to July 1, 2011. Users
will not be able to add a certificate override for any DigiNotar-issued
certificates with a notBefore date after July 1, 2011, which would
include the *.google.com certificate. "

(Log in to post comments)

Fraudulent *.google.com certificate issued

Posted Aug 30, 2011 10:13 UTC (Tue) by cesarb (subscriber, #6266) [Link]

I read that double negative as the opposite: they are disallowing overrides for *newer* certs (notBefore is the date when a certificate starts being valid, notAfter is the date when a certificate expires).

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds