Hi, On 01/05/2013 12:29 PM, Ben Laurie wrote: > Unless all the people who saw it happened to be running Chrome, then > it seems quite likely it was used maliciously, surely?
The problem is that there are many values that both "legitimately" and "maliciously" can take. Turktrust's argument seems to be that it was "legitimately" used for SSL interception on a firewall/proxy device. The SANs in the rogue certs that have been published seem to support that. Whether SSL interception is good or bad is, unfortunately, open to debate. That said - does Google currently hold more rogue certs than the ones published? Chrome has some other sites pinned, too - is there actually a list? Ralph
signature.asc
Description: OpenPGP digital signature
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography