Re: Gmail and SSL

[Christopher Morrow <christopher.morrow () gmail com>]

On Wed, Jan 2, 2013 at 8:51 PM, William Herrin <bill () herrin us> wrote:
> secure cryptosystems." Has the EFF's SSL Observatory project detected
> even one case of a fake certificate under Etilisat's trust chain since
> then?

it's possible that the observatory won't see these in the wild, if the
observatory is on the wrong side of the connection. According to the
code EFF uses:
  <https://git.eff.org/?p=observatory.git;a=blob;f=README;h=235117a992ff83b7c04c66ba928bc1907cf76944;hb=HEAD>

it looks like they simply portscanned 0/0 for tcp/443 listeners, then
grabbed certs from the respondents. In the cases we're talking about
in this thread EFF's observatory may never be in the middle of the
conversation.

In the cases of Etisalat (or one use they may have) the scanners may
not be behind etisalat's piece of gear which uses the CA cert in
question.  "not observed in the wild" isn't really a good judge for
this particular problem I think :(

As to why the Etisalat cert isn't  yet removed, I wouldn't know... it
seems a bit fishy though.

-chris