Fraudulent *.google.com certificate issued
Posted Sep 1, 2011 17:42 UTC (Thu) by nix
In reply to: Fraudulent *.google.com certificate issued
Parent article: Fraudulent *.google.com certificate issued
DigiNotar put the lives of innocent people in danger to make profit, violating the sanctions.
Uh, DigiNotar were penetrated
by attackers. They didn't simply say 'oh yes, Iranian government, of course we'll give you a certificate for *.google.com': agents probably acting for Iran attacked them and issued a certificate themselves. If they had simply acquiesced to an Iranian government request, they'd be putting innocent people in danger (though no CA should do that sort of thing on behalf of foreign governments, ha ha); if Iran was additionally subject to sanctions by the government of the Netherlands preventing all business relationships, they'd be sanctions-busters as a result.
But as far as I know Iran is not subject to such sanctions: there are EU-wide sanctions against Iranian banking and energy sectors, and diplomatic relationships are or were frozen at one point this year, but that doesn't mean that all business relationships between Iran and EU companies are verboten. (Not that there were any in this case anyway.)
to post comments)