According to microsoft advisory (http://technet.microsoft.com/en-us/security/advisory/2916652?altTemplate=SecurityAdvisoryPF), the CA used to sign the rogue certificate is "AC DGTPE Signature Authentification"
This certificate can be found here: http://crl2.dgtpe.fr/AC_DGTPE_Signature_Authentification.cer This certificate is signed by: http://crl2.dgtpe.fr/AC_Racine_DGTPE.cer Itself signed by: http://crl2.dgtpe.fr/MINEFI_AUTORITE_DE_CERTIFICATION_RACINE.cer Which is used to pay taxes online among other things. The associated CRL can be found on the same site: http://crl2.dgtpe.fr/AC_DGTPE_Signature_Authentification.crl You will see that two dozens certificates have been revoked since the Google announcement. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
