|
|
Subscribe / Log in / New account

Fraudulent *.google.com certificate issued

Fraudulent *.google.com certificate issued

Posted Aug 30, 2011 6:46 UTC (Tue) by imphil (subscriber, #62487)
In reply to: Fraudulent *.google.com certificate issued by cesarb
Parent article: Fraudulent *.google.com certificate issued

They are blacklisting by name and even disallowing overrides for older certs, see http://groups.google.com/group/mozilla.dev.security.polic...

"The
current patches to Mozilla products will blacklist all DigiNotar-issued
certificates based on "CN=DigiNotar " in the certificate issuer. Users
will be able to add a certificate override for DigiNotar-issued
certificates that have a notBefore date prior to July 1, 2011. Users
will not be able to add a certificate override for any DigiNotar-issued
certificates with a notBefore date after July 1, 2011, which would
include the *.google.com certificate. "

to post comments

Fraudulent *.google.com certificate issued

Posted Aug 30, 2011 10:13 UTC (Tue) by cesarb (subscriber, #6266) [Link]

I read that double negative as the opposite: they are disallowing overrides for *newer* certs (notBefore is the date when a certificate starts being valid, notAfter is the date when a certificate expires).


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds