nanog mailing list archives
Chinese root CA issues rogue/fake certificates
From: Eric Kuhnke <eric.kuhnke () gmail com>
Date: Tue, 30 Aug 2016 21:38:55 -0700
http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html One of the largest Chinese root certificate authority WoSign issued many fake certificates due to an vulnerability. WoSign's free certificate service allowed its users to get a certificate for the base domain if they were able to prove control of a subdomain. This means that if you can control a subdomain of a major website, say percy.github.io, you're able to obtain a certificate by WoSign for github.io, taking control over the entire domain.
Current thread:
- Chinese root CA issues rogue/fake certificates Eric Kuhnke (Aug 30)
- Re: Chinese root CA issues rogue/fake certificates Royce Williams (Aug 30)
- Re: Chinese root CA issues rogue/fake certificates Eric Kuhnke (Aug 30)
- Re: Chinese root CA issues rogue/fake certificates Mel Beckman (Aug 30)
- Re: Chinese root CA issues rogue/fake certificates Royce Williams (Aug 31)
- Re: Chinese root CA issues rogue/fake certificates Matt Palmer (Aug 31)
- Re: Chinese root CA issues rogue/fake certificates Eric Kuhnke (Aug 31)
- Re: Chinese root CA issues rogue/fake certificates Lyndon Nerenberg (Aug 31)
- Re: Chinese root CA issues rogue/fake certificates Mark Andrews (Aug 31)
- Re: Chinese root CA issues rogue/fake certificates George William Herbert (Aug 31)
- Re: Chinese root CA issues rogue/fake certificates Eric Kuhnke (Aug 30)
- Re: Chinese root CA issues rogue/fake certificates Royce Williams (Aug 30)